GDPR Archives - Page 2 of 7 - SHIP IP LTD


The maritime industry is responsible for transporting more than 80% of global trade of goods, such as automobiles, bulk commodities, chemicals, wood products, iron and steel, garments and shoes, and consumer goods, toys, electrical appliances, oil and gas, pharmaceutical products and food.

COVID-19 related measures imposed by Governments, including travel bans, embarkation and disembarkation restrictions or suspension in the issuance of travel documents, have severely strained the working conditions in the global shipping sector, resulting in a humanitarian and safety crisis.

Hundreds of thousands of seafarers are trapped on ships as routine crew changes cannot be carried out, while hundreds of thousands are stranded on land, prevented from re-joining ships.

Those stranded on ships are being denied their human rights, including their rights to physical and mental health, to family life, and to freedom of movement, and are often forced to work beyond the default 11-month maximum period of service on board, as established by International Labour Organization (ILO) Maritime Labour Convention, 2006 (MLC, 2006). This is resulting in cases that could amount to forced labour.

The UN General Assembly, the Secretary General and UN agencies have called on governments to designate seafarers as “key workers” and to honour their commitment to seafarers, especially as it relates to medical care, length of service and repatriation.

The UN Human Rights Office, the UN Global Compact, and the UN Working Group on Business and Human Rights have issued a statement calling upon companies to act under the UNGPs. This call has been echoed by the International Labour Organization (ILO).

In the context of the COVID-19 crisis, business enterprises that engage with the maritime industry should undertake human rights due diligence to identify, prevent, mitigate and address adverse human rights impacts on seafarers resulting from restrictions to crew changes. This involves utilizing leverage – individually and collectively – on governments and maritime transport providers to ensure respect for seafarers’ rights. The scale and complexity of due diligence should be reasonable and proportional to its their size and operational context, among other factors.

Moreover, companies should not exert undue pressure on the maritime industry to lessen the protection afforded by existing standards, including those set out in the MLC, 2006. For instance, some are demonstrating irresponsible practices that jeopardize seafarers’ rights, including the appearance of ‘no crew change clauses’ in contracts between charterers and the maritime industry.


Source: maritimecyprus


International Maritime Bureau’s Piracy Reporting Centre (IMB), the Gulf of Guinea hit a record with 130 crew kidnappings in 22 separate incidents in 2020 (source: ICC Commercial Crime Services).

About 95% of all reported maritime kidnapping cases worldwide have taken place in the Gulf of Guinea. Unfortunately, the first months of 2021 do not show any signs of improvement. Already in January several notable attacks and violent kidnappings were reported.

The IMB report notes that incidents in the Gulf of Guinea are particularly dangerous as the majority of the perpetrators were equipped with guns. Until a couple of years ago cargo theft seemed to be the main driver for piracy, but nowadays we are seeing a shift towards violent kidnapping of crew members with the objective to demand a ransom. The kidnapped crew members are consequently taken deep into the jungle where they are held hostage for months until ransom is paid. The conditions in the camps are severe, resulting in sickness or sometimes even death.

The issue of piracy in the Gulf of Guinea used to be significantly different from, for example, the Horn of Africa, where most attacks take place in international waters where vessels can be protected by the international community. Within the Gulf of Guinea, however, many attacks occur near the coast and the responsibility to deal with an act of piracy within territorial waters rests with the coastal state. Previous years have shown that the pirates are now able to operate further from shore, as incidents have been reported to take place at 200 nautical miles from the coastline. As a result, the international community has been alerted and initiatives to protect vessels have been initiated such as, for example, the pilot case of the EU’s Coordinated Maritime Presences (CMP) concept (source: European Council).

It is noted that in addition to the existing High-Risk Area in the territorial waters of Nigeria and Benin, a new Extended Risk Zone has been designated to cover a substantially larger area in the Gulf between Liberia and Angola.


Source: maritimecyprus

When the General Data Protection Regulation1 (GDPR) came into force throughout the European Union nearly three years ago, one of its most eye-catching features was its extraterritorial jurisdiction provisions. These extend the reach of the GDPR to businesses located outside the European Union who offer goods or services to EU residents or who monitor the behavior of EU residents.2

Under the threat of becoming liable for a breach of the GDPR and potential fines of up to €20m or four percent of global turnover (whichever the higher), many businesses based in the United States and other locations outside the European Union have simply taken a stance of refusing to deal with EU residents, including taking measures such as geo-blocking websites to EU-based visitors. Other businesses, in the United States and elsewhere, have found themselves contemplating whether they might be subject to the GDPR and how to react merely because they have made a new EU-based business connection, acquired the contact details of a potential customer in the European Union, or even become aware that an employee at a customer organization had moved to the European Union.

A court in the United Kingdom has now considered the limits of extraterritorial jurisdiction of the GDPR, which may provide some reassurance to overseas businesses that limited contact with EU residents via a website may not necessarily lead to them being subject to the GDPR.

In the recent case of Soriano v Forensic News,3 the High Court of England and Wales looked at the extent to which the U.S.-based news website defendant, Forensic News, could be regarded as being subject to either limb of the GDPR’s jurisdiction provisions in relation to its processing of the personal data of the UK-resident claimant as part of its journalistic activities. The facts of the case derive from the period prior to Brexit and the end of the transition period, while the United Kingdom was still subject to EU law, and therefore, the court applied the EU version of the GDPR and related jurisprudence and guidance.

The GDPR’s jurisdiction provisions are set out in Article 3 and have two elements: (1) an organization is “established” in the European Union for the purposes of the GDPR, or (2) the extraterritorial jurisdiction provisions, which apply when an organization located outside the European Union offers goods or services to EU residents or monitors their behavior. Although the main purpose of the Soriano case was to decide on whether the United Kingdom was the appropriate forum in which to litigate a range of other potential claims, including defamation, malicious falsehood, harassment, and misuse of private information, its interpretation of the jurisdiction of the GDPR is significant because it is one of the few judicial authorities that have been handed down on this issue so far.


Source: natlawreview


Carbon reduction is a key strategic objective for our company and follows our mission of connecting the world today, creating a sustainable tomorrow,” said Oeyvind Lindeman, Chief Commercial Officer at Navigator. “We continuously strive to reduce our carbon emissions through innovations in the way we manage our company and in the way we operate our assets. Offsetting is one of several tools we choose to use in order to deliver a true carbon-neutral voyage. We are looking at ways to further promote and develop similar voyages in collaboration with our stakeholders whilst always keeping the UN’s Sustainable Development Goals in mind.”

In addition to industry-led technological and regulatory developments in reducing its carbon footprint, Navigator Gas looks forward to further harnessing the potential of similar projects in the future to provide carbon offsetting to its customers in an effort to abate the current carbon emissions associated with day-to-day shipping activities, whilst future solutions are developed and deployed.

“Navigator is taking the lead in applying new solutions to address the existing carbon footprint associated with seagoing vessels. Their effort marks a landmark change in the global maritime sector by moving from words to tangible action, and we believe many more will follow their example. At CHOOOSE, we are proud to be participating in this global change led by Navigator by building technology that makes the global maritime sector a part of the solution,” said Andreas Slettvoll, CEO and co-founder at CHOOOSE.

Navigator Holdings Ltd. is the owner and operator of the world’s largest fleet of Handysize liquefied gas carriers and a global leader in the seaborne transportation of petrochemical gases, such as ethylene and ethane, liquefied petroleum gas (“LPG”) and ammonia. We play a vital role in the liquefied gas supply chain for energy companies, industrial consumers and commodity traders, with our sophisticated vessels providing a safe, efficient and reliable ‘floating pipeline’ between the parties. Please visit for more information.


Source: prnewswire


Please use the sharing tools found via the share button at the top or side of articles. Copying articles to share with others is a breach of T&Cs and Copyright Policy. Email to buy additional rights. Subscribers may share up to 10 or 20 articles per month using the gift article service. More information can be found here.

Fines imposed under the General Data Protection Regulation have increased by almost a half over the past year as European authorities flexed their regulatory muscles despite disruption caused by the pandemic. A total of €272m has been levied in fines by European data protection authorities since the introduction of the GDPR in 2018. Over half of those penalties were imposed by Italy and Germany. According to research by DLA Piper, €159m of those fines were imposed in the past 12 months, an increase of nearly 40 per cent on the first 20-month period after GDPR came into force.


Source: ft


The new software provides a .NET framework, optionally with source code, that can be used as the starting point for a custom ship-based application, providing display of primary radar, radar tracks, electronic navigational charts (S-57/S-63), secondary transponder information, such as AIS and ADS-B, and NMEA navigation data.

The MDF software can receive radar video from a variety of maritime radar sensors including Furuno, Hensoldt, JRC, Koden, Raymarine, Raytheon, Simrad, Sperry and Terma, with control of the radar supported for certain models.

The MDF software supports many display capabilities required in an ARPA display, including bearing lines, range markers, trails and closest point of approach (CPA) and time to CPA (TCPA). Additionally, camera video is supported for situations where a customer requires an integrated radar and camera display for security against piracy and smugglers.

David Johnson, CEO, Cambridge Pixel, said: “Using the MDF framework application with source code, developers can significantly accelerate the time to develop a customer application. The software offers a fully-functional out-of-the-box display application in a development environment so that customised displays can easily be created.”

A marine radar with automatic radar plotting aid (ARPA) capability can create tracks using radar contacts. The system can calculate the tracked object’s course, speed and CPA, thereby knowing if there is a danger of collision with the other ship or landmass. Marine radars with ARPA are used on numerous commercial vessels including cargo ships, passenger ferries, trawlers, superyachts and tankers.

“Our MDF software application provides maritime integrators with a working solution from day one and gives them the freedom to add the bells and whistles later,” said David Johnson. “So rather than a developer starting from scratch with a low-level library of modules we provide those building blocks as a pre-packaged application to fast-track development.”

“This is attractive to new entrants to the ARPA display console market and for software developers who may be looking for a better pedigree of standard modules for their application and who want to focus their software development efforts on customisation.”

The MDF software is compatible with Cambridge Pixel’s radar processing products, such as SPx Server for target tracking and SPx Fusion. A complete ship-based radar processing solution can be provided using standard server applications for radar processing and a customised MDF client application.

The Maritime Display Framework is written in the C# language and is designed for development of a Windows WPF-based client application.

Cambridge Pixel’s Maritime Display Framework is part of a family of radar acquisition and processing components and applications that provide system integrators with a powerful toolkit to build server and client display systems. The company’s world-leading SPx suite of software libraries and applications provides highly flexible, ready-to-run software products or ‘modules-of-expertise’ for radar scan conversion, visualisation, radar video distribution, target tracking, sensor fusion, plot extraction and clutter processing.

Cambridge Pixel’s radar technology is used in naval, air traffic control, vessel traffic, Electronic Chart Display and Information Systems (ECDIS), commercial shipping, security, surveillance and airborne radar applications.


Source: prnewswire


On the 25th May 2018, the EU GDPR came into force. This significant legislation, described by some as the “biggest single shake up of data legislation in the last 25 years,” has wide reaching impacts for all Maritime organisations who collect, manage, process and store personally identifiable and personal sensitive data for EU citizens – anywhere in the world .

Our new, NCSC Certified e-Learning course offers organisations an accessible and comprehensive method of raising GDPR awareness across all users of the business quickly.


Source: templarexecs


Why is GDPR particularly relevant to shipping?
Although GDPR will probably affect every organisation that
processes personal data, the shipping industry will be particularly
affected due to the following reasons:
• Even small shipping companies process personal data of their
crew on a daily basis. Most shipping companies keep records of
their crew members between embarkations and for some time
after the last debarkation.
• Personal data processed by shipping companies includes
personal identification documents, bank details, travel
documents, training records but also data considered to be
‘sensitive’ such as medical records.
• Shipping companies receive personal data from many sources such
as the individuals themselves, manning agents, port agents and
other third parties, in the normal course of business.
• They send personal data to many recipients such as port agents,
travel agents and P&I clubs.
• They regularly make data transfers to a large number of
jurisdictions, with particular interest in those made to countries
outside the EU, and in specific, those where certain conditions
must be met in order for the transfer to be allowable.
What should shipping companies do?
It is crucial that shipping companies kick-start their GDPR project
with raising awareness among top management on what GDPR
requires and what the key risks for their particular organisation
are. Engaging the right people at top management level is
necessary to ensure that the organisation commits the necessary
time and resources and develops a culture that respects privacy.
With the full support of management, organisations need to
assemble a multi-discipline team to run the project ensuring
risk, legal and IT are included. The appointment of a Data
Protection Officer may be required, under certain
circumstances, in which case the organisations need to
consider who that person might be. Trusted external advisors
can bring technical expertise, perspective and help save time.
It is then time to identify and record the data processing activities,
ensuring that for each activity, the entire data lifecycle is captured
(from collection all the way to destruction). Data processors and
joint-controllers should also be identified at this stage.
Whilst capturing the flows, organisations should look for the
weaknesses in the data flows, evaluate the resulting risk and
respond to that risk with a specific practical plan of action, so that
the risk can be mitigated to an acceptable low level. To identify
weaknesses they will also need to consider their policies and
procedures, their current compliance framework (for example ISM,
MLC etc) as well as tools and enablers, including legal documents
(forms, terms and conditions, etc) and of course the IT environment.
Once the specific action plan is complete, organisations can then
proceed to the implementation phase. This would normally include
making changes in privacy policies, contracts with manning agents,
P&I clubs, information notices to port agents, staff and crew as
well as drafting appropriate consent forms. Implementation could
also include changes in manual procedures, IT security (firewalls,
encryption etc) and business continuity & disaster recovery plan.
External advisors can again help carry out various aspects of the
implementation but also assist in managing the effort.


Source: greece.moorestephens


New technologies have led to significant changes in our daily lives. The reflections of these changes appear as new rules and laws on privacy and security. Today, both public institutions and private sector have access to various information belonging to thousands of people within the scope of the performed business. This information obtained can be processed and transmitted easily as a result of the rapid developments in information technologies.

By increasing the requirements of companies in terms of privacy and security, this transformation made digitalization inevitable. This necessity can also be seen by various organizations as a “technological restructuring” opportunity. Due to the Turkish Personal Data Protection Law (KVKK), which has been introduced in 2016, organizations that do not have enough infrastructure and knowledge in the area of privacy and security have started to focus on this area.

Personal Data Protection is directly related to the right of privacy, which is one of the fundamental human rights. Before KVKK, the rules on the Personal Data Protection were to specify with Turkish Criminal Code, Constitution and other relevant legislation. Personal Data Protection Law No. 6698 is the most important legal regulation with the most severe sanctions.

Source: verisistem


The new European General Data Protection Regulation (Regulation (EU) 2016/679), will enter into force on the 25th of May 2018, and it is expected to affect businesses, government agencies and organisations, which collect or analyse information of European Union citizens.

The 28th of January each year is the global Personal Data Protection day, which for 2018, has a particular importance because the EU General Data Protection Regulation (“GDPR”) will come into force in May 2018. Stricter rules and higher fines increase the risks of non-compliance. Violations of the GDPR can have a severe impact on companies that handle personal information – both financially, as well as for their reputation.
Meeting GDPR is not just a compliance requirement, but can also lead to a competitive advantage by proving to be a trustworthy employer and business partner for customers.
What is personal data?

Personal data is defined as any information concerning the personal or material circumstances of a person and is associated with the data on employees, contractors and customers. This includes name, address, material conditions, such as health, or IP address.

Certain kinds of data are classified as “sensitive”. These are data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, or data concerning health or sex life.

To help the shipping industry understand and comply with the new GDPR Regulation Maritime Academy is offering a course that will assist those who have day-to-day responsibility for data handling, to implement better its provisions.

The following subjects are discussed and analysed:
Provisions and principles of the new regulation and understanding
What constitutes personal data?
Who does the GDPR affect?
What is the difference between a data processor and a data controller?
Get informed on the rights of the data subjects.
Discuss if you need to appoint a Data Processing Officer (DPO) and
What are his duties and responsibilities?
Hear how to transfer personal data to third countries
The penalties for non-compliance
Learn how to have your Privacy Notice GDPR ready
Understand how to organise an information audit to map data flows and
The use of the Data Protection Impact Assessment (DPIA)
Get informed on how to deal with and report data protection breaches and
Exercise due diligence under the GDPR
Explore other jurisdictions’ data protection laws
Get up-dated on recent famous data breaches

Source: DNV GL Maritime Academy Hellas