GDPR Archives - SHIP IP LTD

Aug-6-Port-of-Vladivostok-joins-TradeLens-af4sKS06muvzjpg

International Maritime Bureau’s Piracy Reporting Centre (IMB), the Gulf of Guinea hit a record with 130 crew kidnappings in 22 separate incidents in 2020 (source: ICC Commercial Crime Services).

About 95% of all reported maritime kidnapping cases worldwide have taken place in the Gulf of Guinea. Unfortunately, the first months of 2021 do not show any signs of improvement. Already in January several notable attacks and violent kidnappings were reported.

The IMB report notes that incidents in the Gulf of Guinea are particularly dangerous as the majority of the perpetrators were equipped with guns. Until a couple of years ago cargo theft seemed to be the main driver for piracy, but nowadays we are seeing a shift towards violent kidnapping of crew members with the objective to demand a ransom. The kidnapped crew members are consequently taken deep into the jungle where they are held hostage for months until ransom is paid. The conditions in the camps are severe, resulting in sickness or sometimes even death.

The issue of piracy in the Gulf of Guinea used to be significantly different from, for example, the Horn of Africa, where most attacks take place in international waters where vessels can be protected by the international community. Within the Gulf of Guinea, however, many attacks occur near the coast and the responsibility to deal with an act of piracy within territorial waters rests with the coastal state. Previous years have shown that the pirates are now able to operate further from shore, as incidents have been reported to take place at 200 nautical miles from the coastline. As a result, the international community has been alerted and initiatives to protect vessels have been initiated such as, for example, the pilot case of the EU’s Coordinated Maritime Presences (CMP) concept (source: European Council).

It is noted that in addition to the existing High-Risk Area in the territorial waters of Nigeria and Benin, a new Extended Risk Zone has been designated to cover a substantially larger area in the Gulf between Liberia and Angola.

 

Source: maritimecyprus


When the General Data Protection Regulation1 (GDPR) came into force throughout the European Union nearly three years ago, one of its most eye-catching features was its extraterritorial jurisdiction provisions. These extend the reach of the GDPR to businesses located outside the European Union who offer goods or services to EU residents or who monitor the behavior of EU residents.2

Under the threat of becoming liable for a breach of the GDPR and potential fines of up to €20m or four percent of global turnover (whichever the higher), many businesses based in the United States and other locations outside the European Union have simply taken a stance of refusing to deal with EU residents, including taking measures such as geo-blocking websites to EU-based visitors. Other businesses, in the United States and elsewhere, have found themselves contemplating whether they might be subject to the GDPR and how to react merely because they have made a new EU-based business connection, acquired the contact details of a potential customer in the European Union, or even become aware that an employee at a customer organization had moved to the European Union.

A court in the United Kingdom has now considered the limits of extraterritorial jurisdiction of the GDPR, which may provide some reassurance to overseas businesses that limited contact with EU residents via a website may not necessarily lead to them being subject to the GDPR.

In the recent case of Soriano v Forensic News,3 the High Court of England and Wales looked at the extent to which the U.S.-based news website defendant, Forensic News, could be regarded as being subject to either limb of the GDPR’s jurisdiction provisions in relation to its processing of the personal data of the UK-resident claimant as part of its journalistic activities. The facts of the case derive from the period prior to Brexit and the end of the transition period, while the United Kingdom was still subject to EU law, and therefore, the court applied the EU version of the GDPR and related jurisprudence and guidance.

The GDPR’s jurisdiction provisions are set out in Article 3 and have two elements: (1) an organization is “established” in the European Union for the purposes of the GDPR, or (2) the extraterritorial jurisdiction provisions, which apply when an organization located outside the European Union offers goods or services to EU residents or monitors their behavior. Although the main purpose of the Soriano case was to decide on whether the United Kingdom was the appropriate forum in which to litigate a range of other potential claims, including defamation, malicious falsehood, harassment, and misuse of private information, its interpretation of the jurisdiction of the GDPR is significant because it is one of the few judicial authorities that have been handed down on this issue so far.

 

Source: natlawreview


Info-centre19.jpg

Carbon reduction is a key strategic objective for our company and follows our mission of connecting the world today, creating a sustainable tomorrow,” said Oeyvind Lindeman, Chief Commercial Officer at Navigator. “We continuously strive to reduce our carbon emissions through innovations in the way we manage our company and in the way we operate our assets. Offsetting is one of several tools we choose to use in order to deliver a true carbon-neutral voyage. We are looking at ways to further promote and develop similar voyages in collaboration with our stakeholders whilst always keeping the UN’s Sustainable Development Goals in mind.”

In addition to industry-led technological and regulatory developments in reducing its carbon footprint, Navigator Gas looks forward to further harnessing the potential of similar projects in the future to provide carbon offsetting to its customers in an effort to abate the current carbon emissions associated with day-to-day shipping activities, whilst future solutions are developed and deployed.

“Navigator is taking the lead in applying new solutions to address the existing carbon footprint associated with seagoing vessels. Their effort marks a landmark change in the global maritime sector by moving from words to tangible action, and we believe many more will follow their example. At CHOOOSE, we are proud to be participating in this global change led by Navigator by building technology that makes the global maritime sector a part of the solution,” said Andreas Slettvoll, CEO and co-founder at CHOOOSE.

Navigator Holdings Ltd. is the owner and operator of the world’s largest fleet of Handysize liquefied gas carriers and a global leader in the seaborne transportation of petrochemical gases, such as ethylene and ethane, liquefied petroleum gas (“LPG”) and ammonia. We play a vital role in the liquefied gas supply chain for energy companies, industrial consumers and commodity traders, with our sophisticated vessels providing a safe, efficient and reliable ‘floating pipeline’ between the parties. Please visit www.navigatorgas.com for more information.

 

Source: prnewswire


https___d1e00ek4ebabms.cloudfront.net_production_0a99ef88-3de6-454b-b5ac-5c723f4f7624.jpg

Please use the sharing tools found via the share button at the top or side of articles. Copying articles to share with others is a breach of FT.com T&Cs and Copyright Policy. Email licensing@ft.com to buy additional rights. Subscribers may share up to 10 or 20 articles per month using the gift article service. More information can be found here.
https://www.ft.com/content/20b9430e-9058-4d7f-b953-d5d178def3c5

Fines imposed under the General Data Protection Regulation have increased by almost a half over the past year as European authorities flexed their regulatory muscles despite disruption caused by the pandemic. A total of €272m has been levied in fines by European data protection authorities since the introduction of the GDPR in 2018. Over half of those penalties were imposed by Italy and Germany. According to research by DLA Piper, €159m of those fines were imposed in the past 12 months, an increase of nearly 40 per cent on the first 20-month period after GDPR came into force.

 

Source: ft


magnifier-adobe-stock-116301.jpeg

The new software provides a .NET framework, optionally with source code, that can be used as the starting point for a custom ship-based application, providing display of primary radar, radar tracks, electronic navigational charts (S-57/S-63), secondary transponder information, such as AIS and ADS-B, and NMEA navigation data.

The MDF software can receive radar video from a variety of maritime radar sensors including Furuno, Hensoldt, JRC, Koden, Raymarine, Raytheon, Simrad, Sperry and Terma, with control of the radar supported for certain models.

The MDF software supports many display capabilities required in an ARPA display, including bearing lines, range markers, trails and closest point of approach (CPA) and time to CPA (TCPA). Additionally, camera video is supported for situations where a customer requires an integrated radar and camera display for security against piracy and smugglers.

David Johnson, CEO, Cambridge Pixel, said: “Using the MDF framework application with source code, developers can significantly accelerate the time to develop a customer application. The software offers a fully-functional out-of-the-box display application in a development environment so that customised displays can easily be created.”

A marine radar with automatic radar plotting aid (ARPA) capability can create tracks using radar contacts. The system can calculate the tracked object’s course, speed and CPA, thereby knowing if there is a danger of collision with the other ship or landmass. Marine radars with ARPA are used on numerous commercial vessels including cargo ships, passenger ferries, trawlers, superyachts and tankers.

“Our MDF software application provides maritime integrators with a working solution from day one and gives them the freedom to add the bells and whistles later,” said David Johnson. “So rather than a developer starting from scratch with a low-level library of modules we provide those building blocks as a pre-packaged application to fast-track development.”

“This is attractive to new entrants to the ARPA display console market and for software developers who may be looking for a better pedigree of standard modules for their application and who want to focus their software development efforts on customisation.”

The MDF software is compatible with Cambridge Pixel’s radar processing products, such as SPx Server for target tracking and SPx Fusion. A complete ship-based radar processing solution can be provided using standard server applications for radar processing and a customised MDF client application.

The Maritime Display Framework is written in the C# language and is designed for development of a Windows WPF-based client application.

Cambridge Pixel’s Maritime Display Framework is part of a family of radar acquisition and processing components and applications that provide system integrators with a powerful toolkit to build server and client display systems. The company’s world-leading SPx suite of software libraries and applications provides highly flexible, ready-to-run software products or ‘modules-of-expertise’ for radar scan conversion, visualisation, radar video distribution, target tracking, sensor fusion, plot extraction and clutter processing.

Cambridge Pixel’s radar technology is used in naval, air traffic control, vessel traffic, Electronic Chart Display and Information Systems (ECDIS), commercial shipping, security, surveillance and airborne radar applications.

 

Source: prnewswire


GDPR-Maritime-e-Learning-Navigation-Page-800x494.jpg

On the 25th May 2018, the EU GDPR came into force. This significant legislation, described by some as the “biggest single shake up of data legislation in the last 25 years,” has wide reaching impacts for all Maritime organisations who collect, manage, process and store personally identifiable and personal sensitive data for EU citizens – anywhere in the world .

Our new, NCSC Certified e-Learning course offers organisations an accessible and comprehensive method of raising GDPR awareness across all users of the business quickly.

 

Source: templarexecs


Threats_1000x600-768x461.jpg

Why is GDPR particularly relevant to shipping?
Although GDPR will probably affect every organisation that
processes personal data, the shipping industry will be particularly
affected due to the following reasons:
• Even small shipping companies process personal data of their
crew on a daily basis. Most shipping companies keep records of
their crew members between embarkations and for some time
after the last debarkation.
• Personal data processed by shipping companies includes
personal identification documents, bank details, travel
documents, training records but also data considered to be
‘sensitive’ such as medical records.
• Shipping companies receive personal data from many sources such
as the individuals themselves, manning agents, port agents and
other third parties, in the normal course of business.
• They send personal data to many recipients such as port agents,
travel agents and P&I clubs.
• They regularly make data transfers to a large number of
jurisdictions, with particular interest in those made to countries
outside the EU, and in specific, those where certain conditions
must be met in order for the transfer to be allowable.
What should shipping companies do?
1. AWARENESS
It is crucial that shipping companies kick-start their GDPR project
with raising awareness among top management on what GDPR
requires and what the key risks for their particular organisation
are. Engaging the right people at top management level is
necessary to ensure that the organisation commits the necessary
time and resources and develops a culture that respects privacy.
2. TEAM
With the full support of management, organisations need to
assemble a multi-discipline team to run the project ensuring
risk, legal and IT are included. The appointment of a Data
Protection Officer may be required, under certain
circumstances, in which case the organisations need to
consider who that person might be. Trusted external advisors
can bring technical expertise, perspective and help save time.
3. IDENTIFICATION OF DATA PROCESSING ACTIVITIES
It is then time to identify and record the data processing activities,
ensuring that for each activity, the entire data lifecycle is captured
(from collection all the way to destruction). Data processors and
joint-controllers should also be identified at this stage.
4. GAP ANALYSIS AND COMPLIANCE PLAN
Whilst capturing the flows, organisations should look for the
weaknesses in the data flows, evaluate the resulting risk and
respond to that risk with a specific practical plan of action, so that
the risk can be mitigated to an acceptable low level. To identify
weaknesses they will also need to consider their policies and
procedures, their current compliance framework (for example ISM,
MLC etc) as well as tools and enablers, including legal documents
(forms, terms and conditions, etc) and of course the IT environment.
5. IMPLEMENTATION OF CHANGES IN POLICIES,
PROCEDURES, NOTICES, LEGAL, IT
Once the specific action plan is complete, organisations can then
proceed to the implementation phase. This would normally include
making changes in privacy policies, contracts with manning agents,
P&I clubs, information notices to port agents, staff and crew as
well as drafting appropriate consent forms. Implementation could
also include changes in manual procedures, IT security (firewalls,
encryption etc) and business continuity & disaster recovery plan.
External advisors can again help carry out various aspects of the
implementation but also assist in managing the effort.

 

Source: greece.moorestephens


cyber-1654709-696x392.jpg

New technologies have led to significant changes in our daily lives. The reflections of these changes appear as new rules and laws on privacy and security. Today, both public institutions and private sector have access to various information belonging to thousands of people within the scope of the performed business. This information obtained can be processed and transmitted easily as a result of the rapid developments in information technologies.

By increasing the requirements of companies in terms of privacy and security, this transformation made digitalization inevitable. This necessity can also be seen by various organizations as a “technological restructuring” opportunity. Due to the Turkish Personal Data Protection Law (KVKK), which has been introduced in 2016, organizations that do not have enough infrastructure and knowledge in the area of privacy and security have started to focus on this area.

Personal Data Protection is directly related to the right of privacy, which is one of the fundamental human rights. Before KVKK, the rules on the Personal Data Protection were to specify with Turkish Criminal Code, Constitution and other relevant legislation. Personal Data Protection Law No. 6698 is the most important legal regulation with the most severe sanctions.

Source: verisistem

gdpr-640-small.jpg

The new European General Data Protection Regulation (Regulation (EU) 2016/679), will enter into force on the 25th of May 2018, and it is expected to affect businesses, government agencies and organisations, which collect or analyse information of European Union citizens.

The 28th of January each year is the global Personal Data Protection day, which for 2018, has a particular importance because the EU General Data Protection Regulation (“GDPR”) will come into force in May 2018. Stricter rules and higher fines increase the risks of non-compliance. Violations of the GDPR can have a severe impact on companies that handle personal information – both financially, as well as for their reputation.
Meeting GDPR is not just a compliance requirement, but can also lead to a competitive advantage by proving to be a trustworthy employer and business partner for customers.
What is personal data?

Personal data is defined as any information concerning the personal or material circumstances of a person and is associated with the data on employees, contractors and customers. This includes name, address, material conditions, such as health, or IP address.

Certain kinds of data are classified as “sensitive”. These are data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, or data concerning health or sex life.

To help the shipping industry understand and comply with the new GDPR Regulation Maritime Academy is offering a course that will assist those who have day-to-day responsibility for data handling, to implement better its provisions.

The following subjects are discussed and analysed:
Provisions and principles of the new regulation and understanding
What constitutes personal data?
Who does the GDPR affect?
What is the difference between a data processor and a data controller?
Get informed on the rights of the data subjects.
Discuss if you need to appoint a Data Processing Officer (DPO) and
What are his duties and responsibilities?
Hear how to transfer personal data to third countries
The penalties for non-compliance
Learn how to have your Privacy Notice GDPR ready
Understand how to organise an information audit to map data flows and
The use of the Data Protection Impact Assessment (DPIA)
Get informed on how to deal with and report data protection breaches and
Exercise due diligence under the GDPR
Explore other jurisdictions’ data protection laws
Get up-dated on recent famous data breaches

Source: DNV GL Maritime Academy Hellas

 


Risks-in-Maritime-Cybersecurity.jpg

With this Law, which has been regulated in consideration of international documents, Turkish Constitution, Turkish Laws, comparative law practices and the needs of our country in our age, it is aimed to protect the fundamental rights and freedoms of individuals, especially the privacy of personal life, by processing personal data in contemporary standards. In this context, the Law regulates the conditions of processing personal data, the basic principles to be adopted regarding the protection of personal data, the obligations of natural and legal persons who process personal data, and the procedures and principles they will comply with.

EU General Data Protection Regulation (GDPR)

In order to make the regulations regarding the protection of personal data in the member states of the European Union compliant, The Personal Data Processing and Free Movement Directive No. 95/46/EC was abolished in line with the new requirements regarding the protection of personal data and this regulation is put into effect in 2018. In order to ensure the data security of the residents of the European Union, the main purpose of the regulation is to provide them an effective approach to privacy and security with the reshaping of organizations in terms of compliance.

Source: cottgroup