Is the shipping industry prepared for GDPR?


What personal data do you hold, where and why?

- Run audits and risk assessments on collected personal data.
- Consider what data you have, why, who sees it, who needs to see it, how long it needs to be kept, and whether it is shared, particularly if sent outside the EEA, and ensure that all this information is documented.
- Update outdated personal data or delete it if it is no longer needed.
- Consider what employee and passenger data you hold and whether some of that data contains sensitive personal data (for example, medical information) which has an additional layer of protection (the individual's consent is required for processing, save in life or death situations).

What is your lawful reason for processing personal data and how do you record that?

- If you currently rely on consent for processing personal data, ensure this is documented properly.
- Check whether there are other grounds that you can rely on instead, e.g. is the processing necessary for the performance of a contract with the individual or for a legitimate business reason (both of which might apply to passenger or employee information), and record the reason relied on.
- Check that each individual on any marketing databases has consented to receive electronic marketing, or that they were given the opportunity to opt out from such marketing when their contact details were first collected.

Is your Privacy Notice GDPR ready?

- Add a privacy policy to your website and emails (or update it if you already have one) to make clear how you use personal data collected (for example, through online bookings).
- Consider just-in-time notices (such as a text box which appears on the screen when the individual starts to input personal data) to say how that information will be used.
- If you collect information on individuals from third parties (such as travel agents), ensure that the individuals are aware that you are processing their data and consider amending contracts with the third parties to ensure that this is done.

Who do you share personal data with, why and what controls do you have in place to protect that data?

- Consider which of your service providers and counterparties (such as travel agencies, local agents, crewing/manning agents) are acting as data processors and which are acting as controllers or joint controllers.
- Make sure that your contracts with other parties who might be data controllers or processors are clear about their responsibilities under the GDPR.

How do you deal with and report data protection breaches?

- Ensure that systems are in place to notify a personal data breach to the relevant supervisory authority within 72 hours after becoming aware of a personal data security breach and to notify the data subject without undue delay in prescribed circumstances.
- Create and maintain a register of data breaches, including details of how the breach occurred and what steps were taken to resolve it.
- Consider taking out cyber and data risks insurance as an extra layer of protection.

Do you need a Data Protection Officer?

- Designate someone to take responsibility for data protection compliance.
- Assess whether you are required to appoint a Data Protection Officer, or whether you wish to appoint one voluntarily (this may be advisable for high-profile cruise companies that hold a lot of passenger data) and make arrangements accordingly.

Do you transfer personal data internationally (including online or via cloud services)?

Within the EEA:

- Appoint a Lead Supervisory Authority (LSA).
- Check for any country-specific guidance published by the LSA or any secondary legislation enacted in that jurisdiction and seek assistance from the LSA on any areas of ambiguity.

Outside the EEA:

- Consider whether any exemptions for transfers of personal data outside the EEA apply.
- If not, assess whether the requirements for transfer are met.
- In the case of multinational companies, consider adopting Binding Corporate Rules.

What processes do you have in place to deal with improved rights for individuals?

- Put processes in place to deal with requests from individuals (often crew) making data subject access requests within the shorter period permitted for response (one month maximum).
- Ensure that those dealing with personal data know how to deal with the new rights, including how to delete data if requested and how to provide data electronically.
