GDPR Archives - Page 4 of 10 - SHIP IP LTD

From 21 to 25 August 2021, the Multinational Maritime Coordination Centre (MMCC) of ECOWAS Zone F prepared and conducted the Operation Anouanze. The operation, led by Ghana and Cote d’Ivoire, was supported by UNODC through Danish funding and used data provided by Skylight and Trygg Mat Tracking.  Aiming to oversee the compliance with law at sea in the vast area connecting the EEZs of Ghana and Cote d’Ivoire, the operation was carried out thanks to a system of naval air assets pooled by the two countries and coordinated by the MMCC.

At the request of the participants, GoGIN sent a trainer to Abidjan to optimise the use of the YARIS communications and decision-making platform during the operation. The feedback on YARIS following Operation Anouanze highlights the value of the platform, which offers a single, comprehensive information system to use in situations where, in the past, several tools were required to achieve the same results.

Source: gogin

Source: newswire

Maturity and innovation have proved a winning combination as the world’s most technologically inventive ship registry has been elevated to the Paris MoU Grey List from June 2021.

Palau International Ship Registry (PISR) has been recognised for its digitally based services and growth in just three short years. This is a remarkable progression for a new registry and is attributed to the commitment to digital services and the recruitment of experienced and knowledgeable staff across the maritime sector. Now the combination of its own unique technology and human resources has seen it record some of the lowest detention figures for its growing fleet in the past 12 months.

Panos Kirnidis, CEO of PISR, is also celebrating the fifth anniversary of the registry’s European office based in Piraeus in Greece and believes the registry’s inclusion in the 2021 Paris MoU Grey List is a testament to the maturity and determination of its global network.

“This is not a surprise to anyone associated with Palau International Ship Registry. We were determined to lift ourselves into the white list and this will be achieved through our innovative and unique technology combined with the recruitment of experts in every aspect of ship registry services.

“Detentions by Port State Control and the increasing environmental regulations have put ship owners and operators under great stress in the past few years. The global pandemic has added to their worries and yet, we have proved that by investing in online services, finding the right people across our global network and offering our unique Deficiency Prevention System (DPS), we can assist them in avoiding these financially damaging detentions.

“It is this combination that is unique to PISR. It is our own in-house developed software systems that have seen our fleet detentions plummet. It is simple to use, highly effective and available from a desktop PC or even a smartphone. This is the reason PISR has been able to reduce detentions and allow us to claim our place in the Grey List. But we are not stopping our drive and we will see even further improvements in our listing into 2022 and beyond.”

After just five years PISR has been recognised as one of the world’s fastest growing and most inventive ship registries according to Panos Kirnidis.

“When I talk to ship owners, they tell me they want reliable and dependable services. They want information in real time enabling them to make the decisions that keep them sailing without penalties. We developed our Deficiency Prevention System (DPS) to do just that, and it has been an outstanding success. This is a process of maturity for any new ship registry, but we began life by examining the mistakes other established registries had made and then avoided them. Our combination of technology and the human element is the basis for our proactive services. “We recently hosted an online event for our Deputy Registrars and Flag State Inspectors and recognised their contributions to our success. Finding the right people is as painstaking as developing the technology but ship owners tell us it is paying dividends. We have been saying we are trailblazers in an established industry. We have been telling the maritime and shipping world that Palau International Ship Registry is here to stay. Well, we have proved that, and we make no apologies for saying the Grey List is a great reward for our faith and determination to be the best at what we do. As a flag of confidence, PISR will continue to innovate, operate and generate, the right combinations of services, fees, knowledge and customer service that we are known for. This year the Grey List and our targets for the coming years include an even larger fleet and the White List is in our sights.”

Source: palaureg

1. Data Processing and Data Processing Purposes

1.1 The Company “CITY UNITY Maritime Training Center” (hereinafter: «the Company») processes, in the context of your employment, personal data collected by you and/or third parties (such as recruiters, job-posting websites and/or your previous employer), in accordance with Regulation (ΕU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter: «GDPR») and Greek legislation. More specifically, the Company processes personal, passport/ID and communication information, banking, social security and tax data, information about your education and previous and current employment, photo, your marital status and family information, travel information, your communications with the Company, information about your next of kin, health data, information about your entry/exit from the Company, e-mails that you send from and receive in your corporate e-mail account, calls you make and receive in your corporate mobile phone and work phone, your corporate mobile phone bill and any other personal data that may be necessary to achieve the below purposes of personal data processing.

1.2 The Company processes your personal data during your employment, while such processing will extend after the completion of such employment, and to the extent required in order for the Company to comply with its legal obligations towards the authorities and/or third parties, to comply to any applicable provisions on the obligatory data retention periods or in order for the Company to support its claims or rights.

1.3 The Company processes your data in order to ensure its proper operation in accordance with its employee-related procedures, to fulfill its staffing needs, to comply with its legal and contractual obligations, to identify its employees and to ensure the safety of its staff and of its premises.

2. Transfer of personal data to third parties

2.1 Your data may be made accessible to the Company’s personnel, as well as to third parties, such as the competent authorities, technical contractors, investigators, accountants, auditors, lawyers and legal counsels, IT companies providing technical or cloud services or i-storage platforms and banks.

2.2 The Company may also transfer some or all your data for the above purposes to persons located in countries that are not members of the European Economic Area (EEA). Where such countries have not been granted with an adequacy decision by the European Commission, any transfer shall take place under the appropriate safeguards in accordance with the GDPR, such as Standard Contractual Clauses approved by the Commission or by the competent national authority.

3. Your rights

In accordance with the GDPR, you have the right to: (a) request access to your data and to information relating to the processing thereof by the Company, (b)  request corrections and/or the completion of your data, (c)  request the Company to delete your data, (d)  request the restriction of the scope of processing, the way that the Company is processing your data, as well as the purposes for which the Company is processing them, (e) receive the personal data you provide to the Company and to transmit them and/or request the Company to transmit them to another data controller, (f) object to the processing of your personal data, (g) file a complaint before the Hellenic Data Protection Authority, and (h) so far as the processing relies upon your consent, to withdraw such consent at any time. To exercise your rights, please contact the Company as illustrated below at 5.

4. Legal basis for the processing of personal data

The Company processes your personal data because the processing is necessary, in order for the Company to:

(a) comply with its legal obligations, including among others obligations in the field of employment or social security law,

(b) fulfill its obligations and/ or satisfy its rights deriving from your employment agreement,

(c) satisfy its legitimate interests, such as its proper operation in accordance with its employee-related procedures, to fulfill its staffing needs, to comply with its legal and contractual obligations, to identify its employees and to ensure the safety of its staff and of its premises and the fitness to work of its employees,

(d) establish, exercise or defend legal claims, and/or

(e) process your personal data pursuant to your consent.

The above processing is required by law or due to a contract executed between you and the Company. Therefore, if you do not provide us with your data, the execution of your employment agreement may not be possible.

Source: maritimecareer

Believe it or not, it’s still a little too early to see what impact the new regulation is having, although this is line with our expectations given the data protection regulators around Europe were inundated with reports of data breaches that still related to pre-GDPR enforcement. Only within the last few months, are we now starting to see some examples of organisations that are falling foul of post GDPR requirements, however despite this, what we do know is the shipping sector needs to be continually switched on to the requirements of GDPR given the day-to-day processing activities undertaken by shipping companies.

Processing activities include the processing of crew information, the transfer of personal information between a shipping company and third parties such as a port agents, manning agents or P&I clubs and the international exposure of data transfers resulting from these relationships.

Shipping companies should also remember personal health records are often collated and processed, triggering the GDPR requirements surrounding the processing of special categories of personal data.

The real issue that organisations in all sectors, including shipping, are coming across is the GDPR requirement surrounding ‘accountability’. Post 25 May 2018, it’s important that any organisation is fully compliant or able to provide evidence that they are actively working towards compliance to satisfy the accountability and transparency principles of the GDPR.

So as professional advisors, what are we seeing now, some ten months later?

There are still a significant number of shipping companies continuing to work towards full compliance, but very quickly we’re seeing a shift from ‘getting ready for GDPR’ to focusing on how to satisfy the accountability requirement – that is, how you will ensure your shipping company continues to comply with the regulation in future.

Article 5 of the GDPR focuses on the accountability principle. This is the part of the regulation all shipping companies must be on top of and be able to evidence, at least annually, going forward.

The responsibility of satisfying the accountability principle falls upon the assigned Data Protection Officer or, if one is not deemed necessary, the individual that has been allocated the responsibility of data protection within an organisation.

Shipping companies need to consider whether all policies, procedures and systems introduced or amended are being adhered to and whether they’re working effectively, to ensure you continue to operate within the expectations of the regulation.

This means introducing a GDPR compliance project plan that incorporates appropriate testing and verification techniques, so at the end of the year, management are able to assess what’s working well and what needs further improvement.

We’ve launched our Data Protection Officer support function service and our outsourced Data Compliance Officer function, which includes the management and running of the ongoing GDPR compliance monitoring plan, but moreover enables your shipping company to pass more of the responsibility of data protection to us as an outsourced provider.

Source: hellenicshippingnews

Introduction

The EU General Data Protection regulation (GDPR) was approved by the EU parliament on 14 April 2016 and comes into force on 25 May 2018. This piece of legislation introduces a new data protection framework to be applied to all the EU member states. This new regime – indeed much more severe and cogent than the existing one – aims to provide a greater amount of rights on individuals in relation to their data. As a result, the amount of obligations upon the organizations with regard to storage, collection, and treatment of personal data will definitely increase. One of the key changes is certainly the consequences in case of GDPR breaches. Fines for non-compliance, in fact, may reach up to either Euro 20 million or 4 % of the annual turnover (whichever is higher) for serious breaches.

What is Personal Data?

Pursuant to article 4 of the GDPR, personal data means any information relating to an identified or identifiable natural person, so-called data subject. A natural person can be identified by an identifier such as a name, identification number, location data or through factors specific to social identity. Further to this, Special Category personal data is data revealing racial or ethnic origins, political opinions, religious or philosophical beliefs, genetic and medical information. Organizations are subject to additional obligations while processing these special data.

When does an organization “Process” Personal Data?

Processing personal data means to perform an operation related to certain personal data; for example, by using, deleting, amending or disclosing such personal data.

Why the Shipping Industry will be affected by the GDPR?

Shipping companies store and handle a great amount of personal data, for instance passenger information, crew member details, travel documents, training records, bank details and other information gathered in the ordinary course of business. Moreover, shipping companies are likely to share this information with third parties such as port agents and P&I clubs.

Not only shipping companies will be subject to the GDPR. Brokers, surveyors, agents, correspondents, external services providers, very often deal with personal data, sometimes also sensitive ones. For instance, a personal injury claim or a claim involving a minor; in this case, the claimant – i.e. the data subject – will enjoy the right conferred by the GDPR.

To whom the GDPR applies to?

The GDPR applies to people of all nationalities when their personal data is processed by an organization established in EU. Also, the GDPR applies to non-EU organizations when they process personal data of people who are based in EU.

What are the consequences of failing to comply with the GDPR?

Indeed, the GDPR introduces draconian punishments. Fines for non-compliance may reach up to either Euro 20 million or 4 % of the annual turnover (whichever is higher) for serious breaches. For less serious offences, fines can reach up to Euro 10 million or 2% of turnover.

Apart from pecuniary punishments, non-compliance with the GDPR might keep the faulty organization away from important business opportunities in the future. Indeed, without mentioning the reputational consequences of a data breach, the GDPR compliance might become a paramount requirement for the companies in order to take part to the EU public contract tender, or in order to contract with companies siting in EU.

What should an organization do?

In order to comply with the GDPR, an organization should follow these 8 practical and essential steps:

1. Awareness: be aware that the law is changing to the GDPR. All the people of an organization must understand the impact of this new piece of legislation.
2. Information audit: assess what personal data the organization holds, where it comes from and who it is shared with. The audit is usually conducted by a legal team or professional firms with expertise in privacy matters.
3. Draft privacy notice: after the audit is concluded, it is possible to draft a tailor-made privacy policy according to the types of personal data that the organization process. Certain organizations are advised to draft several privacy policies, for example, one which contains specific wording where special category data is collected, another one for commercial use, and another one for HR purposes.
4. DPO: where appropriate, appoint a Data Protection Officer (DPO). An organization is required to appoint a DPO – i.e. someone to take responsibility for data protection compliance – where carries out the regular and systematic monitoring of individuals on a large scale or, carries out the large-scale processing of special categories of data such as health records, or information about criminal conviction. A competent external DPO can bring technical expertise and help to save time.
5. Consent: review how the organization obtains, records and manages consent. Consent must be specific, granular, clear, prominent, properly documented and easily withdrawn.
6. Individuals’ rights: check the procedure and be sure that they cover all the rights that individuals have. According to the GDPR, individuals have the right to: be informed, access, rectification, erasure, object and restrict processing. Therefore, the organization, for instance, should be ready to react if someone asks to have their personal data delated or modified.
7. Data Breaches: make sure that the right procedures are in place to detect, report and investigate a personal data breach, so-called Incident Report Plan. Authorities must be notified of any breach of the regulations within 72 hours of the event.
8. Training: ensure that organization personnel is trained about the GDPR compliance. A GDPR crash course along with periodic training would be appropriate in certain circumstances.

Will the GDPR affect the data that a ship uses and shares?

Yes, in so far as such data is considered Personal Data pursuant to article 4 of the GDPR.

Is a commercial data (B/L, Data of Vessel) subject to GDPR?

No, unless commercial data includes personal data.

Are the GDPR fines excluded from a P&I cover?

No. However, cover for such fine would indeed requires that all the reasonable steps to avoid the breach had been taken.

Source: macchimaggesi

The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is set to come into force in May 2018. It is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU).

The GDPR replaces the EU Data Protection Directive and applies to all member countries without the need for national legislation. After four years of discussion and amendments, the regulation officially takes effect on May 25, 2018 and places the EU at the forefront of data protection standards.

Ince & CO explains, “Shipping companies collect a great deal of personal data, including passenger information, crew and employee details, customer lists and details of business contacts. The complex global nature of the industry and high level of personal data processed and exchanged, often across national borders, can leave information vulnerable to security breaches, intentional or otherwise. Implementing effective data protection controls into daily operating procedures is a huge challenge. However, when the EU General Data Protection Regulation and the UK’s Data Protection Act 2018 come into force on 25 May 2018, businesses ignore them at their peril, as non-compliance can result in large fines and reputational damage. There are also commercial benefits to effective compliance: companies that protect the privacy of their passengers, employees and business associates and conduct properly targeted marketing campaigns will be more likely to attract and retain business and staff.”

Lester Aldridge underlines the steps companies need to take to prepare for the GDPR, stating, “under the GDPR, there is a full list of action points for businesses to take to ensure data protection compliance. The following 5 key steps are perhaps the most important ones that should help company’s process data correctly:

1. Appoint a data protection officer to ensure compliance.
2. Implement a system internally to ensure the relevant supervisor is informed of a personal data breach within 72 hours of first becoming aware of the breach.
3. Adopt an updated data protection and privacy policy by analysing your system and practice to ensure that data is processed in accordance with the permitted legal grounds
4. Run audits and risk assessments on collected personal data and keep the individuals informed about processing their personal data.
5. Provide training to your employees and ensure that they are abreast with the correct processes and ensure that data controllers have contracts with all of their data processors.”

With large potential fines (the greater of up to 4% of global turnover or 20 million Euros), risk of claims from individuals and reputational damage, businesses need to make the necessary changes to their systems and policies now in order to be prepared when the GDPR “goes live” on 25 May 2018.

HFW states, “The GDPR will also apply to organisations established outside of the EEA if certain conditions apply, including where they monitor the behaviour of individuals within the EEA (for example, via cookies), offer goods or services to individuals within the EEA (note that if you offer goods or services to a business that business has individuals within it) or where EEA Member State law applies in accordance with international law, e.g. where a vessel is flagged with an EEA Member State registry.

Particular factors to consider when determining whether the GDPR will apply are:

• Are any of your vessels flagged within the EEA?
• Is your website directed towards customers based in the EEA, for example by giving an option to choose a “UK” setting, an EEA currency, or a particular language?.
• Can your services be bought from within the EEA?
• Do you have a registered establishment or an office in the EEA?
• Is your business currently registered with an EEA data protection authority, such as the UK’s Information Commissioner’s Office (the “ICO”)?
• Do you use servers located in the EEA?
• Do you monitor the behaviour of any individuals within the EEA (irrespective of their nationality or habitual residence)? For example, if your website uses tracking cookies, then you are “monitoring individuals” for the purposes of the GDPR.

If the answer to any of these questions is yes then it is likely that the GDPR applies to you.

The GDPR introduces a host of new obligations and requirements with which businesses must comply. Five key action points are as follows:

1. Conduct a data audit. Data controllers and processors alike are required to keep records of their personal data processing. Analyse your systems and practices to check what personal data you process, why, how you use them, where they are stored and whether you still need them. Check whether you process them in accordance with one of the permitted legal grounds (e.g. has the individual given their consent, or is the processing necessary for the performance of a contract with the individual, or necessary for a legitimate business interest). “Sensitive” personal data are subject to stricter rules and processing usually requires the individual’s consent. Note that “consent” is more difficult to obtain under the GDPR regime than under the UK Data Protection Act 1998 which implements the current EU data protection regime. Criminal records of employees or service providers can only be processed in accordance with specific EEA Member State laws. Document your findings and decisions.
2. Draft or amend policies and procedures. The GDPR strengthens and adds to individuals’ rights, for example it strengthens the rights to have personal data deleted or frozen, adds a new right of “data portability” where an individual can request that personal data stored electronically be transferred to a different data controller, and shortens timelines for compliance with individuals’ requests. It also imposes new obligations on all data controllers to report personal data breaches to relevant data protection authorities within 72 hours, and to report breaches to individuals concerned (if the breach is high risk) “without undue delay”. It introduces a new concept of “privacy by design”, which requires businesses to think about protecting individuals’ privacy at the very beginning of any new project and to conduct “privacy impact assessments” calculating the potential risks to individuals’ privacy rights. Businesses will need to update (or draft) policies and procedures to ensure compliance with these obligations.
3. Inform individuals about your processing through fair processing notices. Individuals must be kept informed about the processing of their personal data. The GDPR increases the amount of information which must be included in these notices. Privacy policies will need to be updated and businesses will need to amend (or draft) notification forms.
4. Amend or put contracts in place with data processors. The GDPR requires data controllers to have contracts in place with all of their data processors, containing certain elements specified in the GDPR.
5. Appoint a data protection officer. Many businesses will be required to appoint data protection officers, or may choose to do so voluntarily, given the increased risks associated with data protection.”

The UK P&I Club suggests an action plan in accordance with the GDPR stating, “In order to comply to the full scope of the GDPR, it is recommended that organisations seek legal counsel.

At a minimum, here are a few high-level action items:

• Get consent: A data controller must be able prove that consent was given by the data subject.
• Conduct a Data Protection Impact Assessment: It’s important to assess privacy risks of processing personal data of individuals.
• Where appropriate, appoint a data protection officer: This person is responsible for overseeing compliance and data protection strategies.
• Be prepared to report data breaches: Under the GDPR organisations must report a breach within 72 hours.
• Maintain records of processing: Article 30 states that controllers “shall maintain a record of processing activities under its responsibility.”

The GDPR will change the way the shipping industry handles data forever. It is something that must be taken very seriously as any violation will result in severe repercussions. Organisations that fail to comply will face significant fines—as high as four percent of the organisation’s annual revenue. Furthermore, individuals may take action against any entity that improperly handled their personal data.

Source: seanews

Two years to go. The International Maritime Organization (IMO) encourages ship owners and managers to have incorporated cyber risk management into ship safety by the 1st of January 2021. But what does that mean? And how to address maritime cyber risks?

Digitalization

The maritime sector is on the verge of a digital disruption. Digitalization is increasingly considered one of the key solutions to the many significant challenges the sector is facing, ranging from overcapacity, low margins, regulatory pressure, and lack of efficiency, to new digital demands from customers. Although digital transformation of the maritime sector is still in its infancy, it’s safe to assume that digitalization will have a major impact on operations and existing business models in the years to come.

But fast-moving changes do not come without risk. Industrial automation and control systems that were once isolated and deemed secure, are increasingly being connected to corporate networks and the Internet. Individual devices across enterprise Information Technology (IT) and Operational Technology (OT) networks – from smart digital equipment and tools to navigation, engines and more – will present potential new pathways to cyber attacks and incidents on vessels.

First steps towards regulation

This has driven IMO to issue the Resolution on Cyber Risk Management. The resolution “encourages administrations to ensure that cyber risks are appropriately addressed in safety management systems” by 2021.

While that does not sound too obligatory, potential implications of inappropriate cyber risk management are obvious, as it may lead to, for example:

• Increased (unforeseen) expenses;
• Operational loss due to incidents;
• Safety and personnel damage;
• Limited competitive edge.

But potentially, consequences are more widespread. Lack of compliance with these requirements may also lead to increased insurance fees, port access denial and even detention of ships, again meaning huge financial losses for their owners.

It is expected that, though for now just a recommendation, the IMO Guidelines can become the GDPR for the maritime sector: that regulation where noncompliance potentially affects your license to operate – and that regulation that seems difficult to get a grip on.

As cyber security may not be the core business of most maritime organisations, proper guidance on efficiently incorporating cyber risk management is needed. This is where KPMG offers its global expertise on cyber security advisory and digital risk management for the maritime sector.

Addressing cyber risk

KPMG’s solutions aim at letting maritime organisations manage cyber risk in the way that is intended in, for example, the IMO Guidelines on Maritime Cyber Risk Management and the BIMCO Guidelines on Cyber Security Onboard Ships. This includes:

• Identify: To be able to identify and manage risks and turn them into business advantages, you first need to understand your connected landscape and identify the most relevant threats and highest risks for your environment.
• Protect: Once you understand your maritime IT and OT landscape and the impact and risks of the different systems within, you can take appropriate measures to protect it where relevant.

Source: linkedin

The European General Data Protection Regulation (GDPR) entered into force on 25 May this year. While many of its provisions already applied under existing national and European data protection laws, the advent of the GDPR raised the profile of the issue and concentrated the minds of those in organisations that are now faced with the possibility of huge fines for any failure to protect adequately the personal data of their customers and employees and, most importantly, to report when a breach has occurred.

Under GDPR, companies are obligated to do three basic things: to ensure that data is held only for specific reasons and purposes; to ensure data subjects’ consent is not only freely given but as easy to withdraw as to provide, and to ensure systems for the storage and processing of data are secure.

This has led to the emergence of a whole industry of instant experts in data protection, who flooded many people’s inboxes with apocalyptic warnings of impending catastrophe and quick-fix solutions of high cost and limited results.  Quite how they compiled their distribution lists without breaching pre-existing data protection laws is not entirely clear.

One of the key issues for those in the shipping industry concerned cross-border transfers of personal data, particularly between EEA and non-EEA states. To what extent would GDPR apply to seafarers recruited from non-EEA countries?  Would it be lawful for personal data to be passed to organisations in countries outside the EEA?  These would include crewing and manning agencies, but also Port State Control and other statutory authorities and overseas ports.

The Chamber sought answers to these important questions from legal experts at law firm Hill Dickinson, who led a workshop for members at the UK Chamber last September.  Following on from this, the Chamber prepared a publication, ‘The GDPR: Guidance to Shipping Companies’, which was published by Witherby Publishing in June this year.

Following requests from members, the Chamber will host a follow-up workshop entitled ‘The GDPR – Implementation and Next Steps’ on the afternoon of Thursday 18 October. The key purposes of the workshop will be to introduce the guidelines and hear members’ experiences of bringing their data protection procedures into line with GDPR.

Hill Dickinson’s Javed Ali will take centre stage and will provide answers to some of the most important questions that members have raised concerning the GDPR. These include how transfers of personal data between data controllers and processors inside and outside the EEA should be conducted in order to be GDPR-compliant; the use of data protection clauses in contracts and charterparties, and the link between shipboard and shore-based data protection policies.

Mr Ali will also report on Hill Dickinson’s own experiences of the application of GDPR, the role that the Information Commissioner’s Office has played since 25th May and details of prosecutions for breaches of GDPR that have been brought.

Following Mr Ali’s presentation, members will have the opportunity to put their own questions to him and raise any further matters that might have come to light since the regulation’s entry into force. Suggestions for further actions by the UK Chamber will also be welcomed.

Source: ukchamberofshipping

Life was pretty difficult for a sailor in the age of exploration, and every day was filled with hard work, and back breaking labor. Journeys could take years, since ships could only cover about 100 miles a day, and the pay was poor. Food wasn’t of the best standard either, with crews getting 3,000 calories a day of salted beef, hardtack, ale or wine, and dried fruits or vegetables. How far would you make it in the Age of Exploration with only one set of clothes, and scurvy “the scourge of the seas,” nipping at your heels — along with the mice?

Source: maritimecyprus