The General Data Protection Regulation Guidance to Shipping Companies

The aim of this guidance document, produced by the UK Chamber of Shipping in conjunction with Hill Dickinson LLP, is to provide information on:

• the main points of the General Data Protection Regulation (GDPR)
• the main areas where shipping companies will be affected by it
• how to implement the new rules.

This publication also provides definitions of key GDPR terminology, types and sources of personal data and the role and responsibilities of the Data Controller and the Company Data Protection Officer.

It also includes an ‘Action Plan for Companies’, describing suggested stages for a company to implement GDPR and to verify compliance.

The purposes of this guidance document, issued by the UK Chamber of Shipping with Hill Dickinson LLP, are:

• to summarise the key points of the General Data Protection Regulation (GDPR);
• to identify the main areas where shipping companies will be affected by it; and
• to advise companies on the most effective and efficient ways to familiarise themselves with the new rules and then to determine how to best implement them.

This document is for guidance only and companies are advised to obtain their own legal advice on compliance with the GDPR.

This document focuses specifically on the maritime sector and the key areas for implementation, such as crewing issues and seafarer payments. It seeks to give a simplified explanation of the GDPR and of how companies can identify what further measures, if any, they should take to implement data protection policies that comply with the GDPR.

Introduction

Summary of the GDPR

Key definitions

Key articles

Lawfulness

Consent

The right to erasure

Data Subject’s right to information

Company Data Protection Officer (DPO)

Issues specific to the shipping sector

Implementation and familiarisation – How to achieve compliance
Action plan for companies

Further Contact

Annex 1 – General Data Protection Regulation