European regulations covering the processing and collection of personal data
come into force in May next year and shipmanagement companies based in Europe
and outside could face fines of up to €20 million or 4% of annual global
turnover, whichever is the higher, in the event of a serious breach of the

InterManager will focus on the General Data Protection Regulation (GDPR) at the
forthcoming International Shipowning and Shipmanagement Summit (ISSS) to be
held in London on Monday 11th September, as part of London International
Shipping Week 2017.

MacLean, Master Mariner and Partner at Hill Dickinson LLP, will address
delegates at length about what the regulations mean for ship managers and what
pitfalls the industry needs to be aware of.

Szymanski (pictured), Secretary-General of InterManager, urged ship managers to
start taking steps to ensure they are compliant with their obligations under
the regulations and said the ISSS conference debate was a good place to start.

“It is all about accountability when it comes to processing and sharing the personal data
of individuals but this needs to be conducted securely. The magnitude of the
fines highlights the seriousness facing the industry.”

to Hill Dickinson, the GDPR increases the rights of individuals, strengthens
the obligations of companies and increases sanctions for non-compliance. The
most significant addition is the accountability principle.

Pittordis, Partner and Head of Marine, Trade and Energy at Hill Dickinson,
said: “The GDPR requires you to show how you comply with the principles by
documenting the decisions you take about a processing activity. As well as an
obligation to provide comprehensive, clear and transparent privacy policies.

organisation has more than 250 employees, it must maintain additional internal
records of its processing activities. If an organisation has less than 250
employees it is required to maintain records of activities related to higher
risk processing, such as: processing personal data, that could result in a risk
to the rights and freedoms of an individual; or processing of special
categories of data or criminal convictions and offences,” she said.

Dickinson also pointed out that it is important to carry out an audit now to
ensure that the right policies and procedures are in place.
These should be done by the company and not external consultants. GDPR
compliance is a board level issue and not the responsibility of the IT
department. GDPR is not just about IT security. It should not be assumed that
compliance with the present Data Protection legislation means compliance with GDPR.