The General Data Protection Regulation (GDPR), widely regarded as the biggest shake up of data protection law in 20 years, comes into force on 25 May 2018. It will affect every business located in the EU or trading with EU businesses which collects, stores or uses personal information. There are therefore very few (if any) businesses in the UK for whom the GDPR will have no effect. This would of course extend to yachts employing EU crew members.
The new Regulation enhances individuals’ data protection rights and introduces a greater obligation for businesses to be transparent in how they use personal data. Businesses will be required to have appropriate policies and procedures in place to ensure that personal data is collected and processed lawfully. They will also need procedures to deal with Data Subject Access Requests (requests from individuals to provide details of all data held about them) and data breaches. Individuals will have the right to ask data controllers to erase all data held on them and to obtain a copy of their own personal data. Organisations will also be required to notify the Information Commissioner’s Office (ICO), the GDPR supervisory authority, and the related individuals within 72 hours of a harmful data breach.
Action needs to be taken now to minimise the risk of breaches, which can result in fines being imposed by the ICO. These fines will vary depending on the seriousness of the breach but the maximum fine is the higher of €20 million or 4% of worldwide turnover of the business. Alongside the financial impact of such a fine, a business will also face serious damage to its reputation.
For a short video outlining the act click here
For more information on the exclusive services Halcyon Super Yacht Security provide click here