Menu
Is the shipping industry prepared for GDPR

News / / Is the shipping industry prepared for GDPR

To read the PDFnbspversion of this factsheet, please click hereWhat personal data do you hold, where and whygtnbspnbspRun audits and risk assessments on collected personal datanbspConsider what data you have, why, who sees it, who needs to see it, how long it needs to be kept, and whether it is shared, particularly if sent outside the EEA and ensure that all this information is documentedgtnbspnbspUpdate outdated personal data or delete it if it is no longer needed gtnbspnbspConsider what employee and passenger data you hold and whether some of that data contains sensitive personal data (for example, medical information) which has an additional layer of protection (the individual's consent is required for processing, save in life or death situations)What is your lawful reason for processing personal data and how do you record thatgtnbspnbspIf you currently rely on consent for processing personal data, ensure this is documented properlygtnbspnbspCheck whether there are other grounds that you can rely on instead eg is the processing necessary for the performance of a contract with the individual or for a legitimate business reason (both of which might apply to passenger or employee information) and record the reason relied ongtnbspnbspCheck that each individual on any marketing databases has consented to receive electronic marketing, or that they were given the opportunity to opt out from such marketing when their contact details were first collectedIs your Privacy Notice GDPR readygtnbsp Add a privacy policy to your website and emails (or update it if you already have one) to make clear how you use personal data collected (for example, through online bookings)gtnbspnbspConsider just in time notices (such as a text box which appears on the screen when the individual starts to input personal data) to say how that information will be usedgtnbspnbspIf you collect information on individuals from third parties (such as travel agents), ensure that the individuals are aware that you are processing their data and consider amending contracts with the third parties to ensure that this is done Who do you share personal data with, why and what controls do you have in place to protect that datagtnbspnbspConsider which of your service providers and counterparties (such as travel agencies, local agents, crewingmanning agents) are acting as data processors and which are acting as controllers or joint controllers gtnbspnbspMake sure that your contracts with other parties who might be data controllers or processors are clear about their responsibilities under the GDPR How do you deal with and report data protection breachesgtnbsp Ensure that systems are in place to notify a personal data breach to the relevant supervisory authority within 72 hours after becoming aware of a personal data security breach and to notify the data subject without undue delay in prescribed circumstancesgtnbspnbspCreate and maintain a register of data breaches, including details of how the breach occurred and what steps were taken to resolve itgtnbspnbspConsider taking out cyber and data risks insurance as an extra layer of protectionDo you need a Data Protection OfficergtnbspnbspDesignate someone to take responsibility for data protection compliancegtnbspnbspAssess whether you are required to appoint a Data Protection Officer, or whether you wish to appoint one voluntarily (this may be advisable for high profile cruise companies that hold a lot of passenger data) and make arrangements accordingly Do you transfer personal data internationally (including online or via cloud services)Within the EEA gtnbspnbspAppoint a Lead Supervisory Authority (LSA)gtnbspnbspCheck for any country-specific guidance published by the LSA or any secondary legislation enacted in that jurisdiction and seek assistance from the LSA on any areas of ambiguityOutside the EEA gtnbspnbspConsider whether any exemptions for transfers of personal data outside the EEA applygtnbspnbspIf not, assess whether the requirements for transfer are metgtnbspnbspIn the case of multinational companies, consider adopting Binding Corporate RulesWhat processes do you have in place to deal with improved rights for individualsgtnbspnbspPut processes in place to deal with requests from individuals (often crew), making data subject access requests within the shorter period permitted for response (one month maximum)gtnbspnbspEnsure that those dealing with personal data know how to deal with the new rights, including how to delete data if requested and how to provide data electronically

Related sectors:

Related services:

Related news & insights

News / Thélem’s the breaks: recovering English solicitors’ fees in the Scottish Courts

10-08-2022 / Maritime

Kirkwood v. Thélem Assurances [2022] CSOH 53 A recent Outer House Opinion has provided welcome clarity on the recovery of English solicitors’ fees in the Scottish Courts.

Thélem’s the breaks: recovering English solicitors’ fees in the Scottish Courts

News / Court finds extra-contractual counterclaims fell within scope of arbitration agreement

02-08-2022 / Maritime

Sea Master Special Maritime Enterprise & another v. Arab Bank (Switzerland) Ltd (Sea Master) [2022] EWHC 1953 (Comm) This bill of lading dispute raised issues as to whether the Bank financing the purchase of a cargo, and the holder of a switch bill of lading for the cargo, was a party to the arbitration agreement incorporated into the switch bill and, if so, whether certain counterclaims brought by the Owners came within the scope of that arbitration agreement. The Court agreed with the tribunal’s findings that, once the Court had decided that the Bank was a party to the arbitration agreement, then the counterclaims for reasonable remuneration and quantum meruit came within the ambit of the arbitration agreement, being claims “arising out of or in connection” with the bill of lading contract.

Court finds extra-contractual counterclaims fell within scope of arbitration agreement

News / Party offered reasonably satisfactory security following collision obliged to accept it

20-07-2022 / Maritime

MV Pacific Pearl Co Ltd v. Osios David Shipping Inc (Panamax Alexander) [2022] EWCA Civ 798 The Court of Appeal has confirmed that a party to ASG 2, the standard form Collision Jurisdiction Agreement, is obliged to accept reasonable security once it is offered and cannot choose to refuse that security and seek alternative or better security by arresting a ship. In such circumstances, there is no right to an arrest or any justification for it.

Party offered reasonably satisfactory security following collision obliged to accept it

News / Rosita Lau, MH calls for China businesses to opt for Hong Kong arbitration in their contracts

15-07-2022 / Maritime

In an interview published this morning (14 July) in The Hong Kong Maritime Hub, Ince Partner Rosita Lau, MH calls for Chinese businesses to opt for Hong Kong arbitration in their contracts, initiative that requires attention of officials from the highest level.

Rosita Lau, MH calls for China businesses to opt for Hong Kong arbitration in their contracts

News / Court finds Covid-19 restrictions did not constitute force majeure under MOA

13-07-2022 / Maritime

NKD Maritime Limited v. Bart Maritime (No 2) Inc (Shagang Giant) [2022] EWHC 1615 (Comm) The Court has construed a force majeure clause and considered whether Buyers validly terminated a contract for the sale of a vessel on the basis that Covid-19 lockdown restrictions prevented Sellers from transferring title in the Vessel. 

Court finds Covid-19 restrictions did not constitute force majeure under MOA

News / Shipping gets smart

20-06-2022 / Maritime

On 25 November 2021, the UK Law Commission published its Advice to the UK Government on how English law currently applies to smart legal contracts. Subsequently, on 16 March 2022, the Law Commission published its report on electronic trade documents, together with draft legislation that would implement its recommendations to allow for the legal recognition of trade documents such as bills of lading and bills of exchange in electronic form.

Shipping gets smart