The publication provides guidance to shipping companies on implementation of the General Data Protection Regulation (GDPR), which entered into force in May 2018. It summarises the key requirements of the GDPR and the actions companies should take to implement data protection policies in compliance. It focuses specifically on the maritime sector and covers key areas such as crewing issues and seafarer payments.
The purposes of this guidance document, produced by the UK Chamber of Shipping with Hill Dickinson LLP, are:
- To summarise the key points of the General Data Protection Regulation (GDPR);
- To identify the main areas where shipping companies will be affected by it; and
- To advise companies on the most effective and efficient ways to familiarise themselves with the new rules and then to determine how to best implement them.
The document defines GDPR terminology and lists the types and sources of personal data and how it should be processed. It also describes the role and responsibilities of the Data Controller and the Company Data Protection Officer.
Guidance is also provided on the strict provisions relating to transfer of personal data to ‘third countries’ and those outside the EU. This is particularly relevant in the offshore industry where crew are transferred from one site to another and to and from a multitude of jurisdictions where their personal data will follow.
Finally, the publication sets out an ‘Action Plan for Companies’, describing suggested stages for a company to implement GDPR and verify compliance.