Maritime GDPR – General Data Protection Regulation Implementation
The EU General Data Protection Regulation (GDPR)
The EU’s General Data Protection Regulation (GDPR) will apply from 25 May 2018, when it supersedes all EU member states’ current national data protection laws. Significant and wide-reaching in scope, the Regulation brings a 21st-century approach to data protection. It expands the rights of individuals to control how their personal information is collected and processed, and places a range of obligations on organisations to be more accountable for data protection.Maritime GDPR – General Data Protection Regulation Implementation!
Deadline for compliance: 25 May 2018
Under GDPR organizations in breach of GDPR can be fined up to 4% of annual global turnover or €20 Million (whichever is greater). This is the maximum fine that can be imposed for the most serious infringements e.g.not having sufficient customer consent to process data or violating the core of Privacy by Design concepts. There is a tiered approach to fines e.g. a company can be fined 2% for not having their records in order (article 28), not notifying the supervising authority and data subject about a breach or not conducting impact assessment. It is important to note that these rules apply to both controllers and processors — meaning ‘clouds’ will not be exempt from GDPR enforcement.
Who is impacted?
The GDPR applies to controllers and processors that are handling the personal data of European individuals. Perhaps one of the most important things to note is that this new regulation applies to ALL organisations collecting and processing personal data of individuals residing in the EU, regardless of the company’s physical location.
All maritime companies need to be in compliance by the deadline of enforcement / SHIP IP LTD can assist you STEP BY STEP and prepare an organization to be compliant with the GDPR, update your SMS provide you policies and all tools required !
How we get started ?
Please complete simple form below so we can understand your company’s size and resources required to be reviewed .
Our consulting team will get in contact with you soon to arrange a web conference and discuss next steps.
How much it costs ?
That depends the size of your company / number of people involved and our findings after our initial GAP analysis .
How much time required until implementation ?
Usually between 4-8 weeks – We suggest you that the person really knows your internal workflow and data structure to be in direct contact with our team so we can reduce implementation time to minimum.
Do we need a DPO (Data Protection Officer) ?
YES you need for sure ! at least the first two years so people can be trained and be mature with the new regulation.
SHIP IP LTD offers outsourced DPO service with an agreed annual FEE – So we actually can follow up and ensure implementation after we complete relevant consulting . Our DPO is certified by TUV Austria
What Documentation will be provided ?
40+ policies, procedures, controls, checklists, tools, presentations and other useful documentation , sample list below not limited :
- Data protection policy
- Training policy
- Information security policy
- Data protection impact assessment procedure
- Retention of records procedure
- Subject access request form and procedure
- Privacy procedure
- International data transfer procedure
- Data portability procedure
- Data protection officer (DPO) job description
- Complaints procedure
- Audit checklist for compliance
- Privacy notice
SHIP IP LTD will help you from initial steps until implementation and auditing to ensure continues auditing !
Get in contact with us TODAY !