GDPR Archives - Page 10 of 10 - SHIP IP LTD

Maritime General Data Protection Regulation (GDPR) – Privacy Policy Generator!

The main focus of the General Data Protection Regulation (GDPR) is the protection of personal data and digital privacy.

Because of this, your Privacy Policy is going to be an important part of your GDPR compliance plan.

A Privacy Policy is where you let your users know:

  • What personal information you collect
  • How and why you collect it
  • How you use it
  • How you secure it
  • Any third parties with access to it
  • If you use cookies
  • How users can control any aspects of this

Privacy Policies tend to be long, dense legal agreements with a lot of detailed information. Your users might feel intimidated by page after page of technical information, which is what the GDPR is working to avoid.

Update your Privacy Policy to be GDPR-compliant by cutting out legalese and using clear language that your average user will understand.

Along with the seven standard points above, you must also include the following information in your Privacy Policy to be GDPR-compliant.

Note that each point doesn’t have to be a separate clause. As long as the information is somewhere in your Policy, it will work.

1. Who your Data Controller is

2. Contact information for the Data Controller

3. Whether you use data to make automated decisions

4. Inform users of the 8 rights they have under the GDPR

5. Whether providing data is mandatory

6. Whether you transfer data internationally

7. What’s your legal basis for processing data

Source: TermsFeed – Online Privacy Generator

 


GDPR – Outsourcing your DPO

What is a DPO?

The General Data Protection Regulation (GDPR) makes it compulsory for some organisations to appoint a data protection officer (DPO), an expert in data protection law and practice.

Effective from 25th May 2018, the GDPR brings sweeping changes and potential fines of up to 4% of worldwide annual turnover (or €20,000,000).

However, hiring a full-time DPO is likely to be challenging – and expensive – due to a shortage of suitable talent.

The role of the DPO is to carry out the following tasks:

  • be involved, in a timely manner, in all issues relating to the protection of personal data;
  • consult with controllers on DPIAs;
  • instruct controllers and processors on their obligations under the GDPR;
  • receive communications from data subjects regarding their rights and the processing of their data;
  • monitor compliance with the GDPR, related laws and the controller’s policies, and facilitate or carry out audits;
  • attend DP meetings;
  • cooperate and consult with supervisory authorities.

DPOs must remain independent!

Controllers not established in the EU need to evaluate whether they require a DPO, as the GDPR applies to non-EU controllers and processors who offer goods and services to EU residents or monitor EU residents’ behavior.

SHIP IP LTD can offer you either Remote or On-Site DPO outsourced services with best annual price guaranteed!

If you are still unsure whether you need to appoint a DPO, feel free to get in touch via the Contact Us section below.

 



    MARITIME GDPR

    North P&I Club FAQS: GENERAL DATA PROTECTION REGULATION (GDPR)

    DOES THE GDPR AFFECT THE DATA THAT A SHIP OF THE
    COMPANY USES AND SHARES?
    Potentially yes. Application of the GDPR would depend on
    factors such as whether the data involved was personal data
    within the meaning of the GDPR, related to an EU citizen, and/or
    was processed by an organisation established in the EU.

    DOES THE GDPR APPLY TO GREEK SHIP OWNERS THAT DON’T
    EMPLOY EU CREW?
    This question presupposes that a ship-owning business will
    only process crew’s data, which in fact will never be the case.
    Article 3 par. 1 of GDPR provides that the Regulation applies to
    the processing of personal data in the context of the activities
    of an establishment of a controller or a processor in the Union,
    regardless of whether the processing takes place in the Union
    or not. This shall be the basic criterion for GDPR application in
    respect of any business, including Greek Ship Owners.

    COULD A MANAGEMENT COMPANY BE HELD LIABLE FOR
    MISHANDLING THE PEME DATA OF AN APPROVED P&I
    CLINIC?
    Yes, potentially. This would depend on the circumstances.

     

    DOWNLOAD FULL DOCUMENT FAQs by the North P&I Club



    The General Data Protection Regulation (GDPR) is a comprehensive regulation that unifies data
    protection laws across all European Union member states. It defines an extended set of rights for
    European Union citizens and residents regarding their personal information. Consequently, it
    describes strict requirements for companies and organizations on collecting, storing, processing
    and managing personal data.

    “The GDPR will change not only the European data protection
    laws but nothing less than the world as we know it.” Jan Philipp
    Albrecht, MEP, EU rapporteur on GDPR

    Where organisations are established within the EU

    GDPR applies to processing of personal data “in the context of the activities of an establishment” (Article 3(1)) of any organization within the EU. For these purposes “establishment” implies the “effective and real exercise of activity through stable arrangements” (Recital 22) and “the legal form of such arrangements…is not the determining factor” (Recital 22), so there is a wide spectrum of what might be caught from fully functioning subsidiary undertakings on the one hand, to potentially a single individual sales representative depending on the circumstances.

    Where organisations are not established within the EU

    Even if an organization is able to prove that it is not established within the EU, it will still be caught by GDPR if it processes personal data of data subjects who are in the Union, where the processing activities are related to “the offering of goods or services” (Art 3(2)(a)) (no payment is required) to such data subjects in the EU, or to “the monitoring of their behaviour” (Art 3(2)(b)) as far as their behaviour takes place within the EU. Internet use profiling (Recital 24) is expressly referred to as an example of monitoring.

    Penalties
    Under GDPR, organizations in breach of GDPR can be fined up to 4% of annual global turnover or €20 Million (whichever is greater). This is the maximum fine that can be imposed for the most serious infringements, e.g. not having sufficient customer consent to process data or violating the core of Privacy by Design concepts. There is a tiered approach to fines, e.g. a company can be fined 2% for not having their records in order (article 28), not notifying the supervising authority and data subject about a breach, or not conducting an impact assessment. It is important to note that these rules apply to both controllers and processors, meaning ‘clouds’ will not be exempt from GDPR enforcement.

    All MARITIME COMPANIES, whether their headquarters are based within the EU or not, should comply with the GDPR Regulation by May 28, 2018!


    Company DETAILS

    SHIP IP LTD
    VAT:BG 202572176
    Rakovski STR.145
    Sofia,
    Bulgaria
    Phone ( +359) 24929284
    E-mail: sales(at)shipip.com

    ISO 9001:2015 CERTIFIED