Full GDPR alignment, by design — not as an afterthought.
LEIP was architected with EU data protection law as a first-class constraint. This chapter walks the GLS Board through the legal basis, the role split, the safeguards in place, and the three myths we hear most often.
GLS Portugal
Defines the purpose: enforce carbon and compliance accountability across its subcontractor network. Owns the relationship with carriers and the lawful basis for processing their operational data.
ZeroPact
Processes data only under GLS instructions, governed by an Art. 28 GDPR Data Processing Agreement. ZeroPact never repurposes carrier data, never sells it, never uses it to train models outside the GLS tenant.
Operational safeguards — what GLS gets at contract
Three concerns we hear — and the answer
"Behavioral scoring is automated decision-making under Art. 22."
LEIP scoring informs human auditors — it never produces legal or similarly significant effects on a data subject without human review. A flagged carrier always triggers a human-led Conditional Proof Request before any enforcement action.
"You're processing driver personal data."
We don't. LEIP operates on vehicle-level and shipment-level data. Where carrier feeds include driver identifiers, ZeroPact pseudonymizes them at ingestion — the controller-side keys are never accessible to ZeroPact.
"Cloud means data leaves the EU."
LEIP runs on EU-region infrastructure with contractual guarantees against cross-border transfer. We publish the sub-processor list and notify GLS 30 days before any change, with a documented objection right.