Publication
Singapore: Competition law fact sheet
Overview of the main provisions of the Competition Act, and discussion of the enforcement regime and recent enforcement trends.
General Data Protection Regulation checklist – impact on shipping
Global | Publication | May 2018
Authors: Fiona Bundy-Clarke, Emma Humphries
The EU General Data Protection Regulation (GDPR) will apply directly in all EU Member States from 25 May 2018. It will repeal and replace Directive 95/46EC and its Member State implementing legislation.
Together with the Directive on the Processing of Personal Data for the Purpose of Crime Prevention, the GDPR presents the most ambitious and comprehensive changes to data protection rules around the world in the last 20 years.
The GDPR rules apply to almost all private sector processing by organisations in the EU or by organisations outside the EU which target EU residents. The export regime will ensure their impact is felt where such organisations transfer personal data to the EU.
The maximum fines for non-compliance are the higher of €20m and four per cent of the organisation’s worldwide turnover.
The broad territorial scope of GDPR and the global nature of the shipping industry requires shipowners around the world to consider carefully whether the regulation applies to their business.
Shipowners will be affected if they:
- have ships flagged within the EEA
- have a registered establishment or an office in the EEA
- use servers located in the EEA
- monitor the behaviour of any individuals within the EEA (irrespective of their nationality or habitual residence), e.g. if their website uses tracking cookies
- have a website directed towards customers based in the EEA, for example by giving an option to choose a “UK” setting, an EEA currency, or a particular language
- sell services that can be bought from within the EEA (e.g. by potential passengers)
- have a business currently registered with an EEA data protection authority, such as the UK’s Information Commissioner’s Office (the ICO)
The concept of accountability is at the heart of the GDPR rules: it means that organisations need to be able to demonstrate that they have analysed the GDPR’s requirements in relation to their processing of personal data and that they have implemented a system or programme that allows them to achieve compliance.
Our GDPR checklist is designed to give an illustrative overview of the requirements likely to impact most types of businesses and the practical steps that organisations need to take to meet those requirements. It can be used to gain an understanding of where an organisation has gaps in its compliance and to articulate how its control programme meets the requirements. It should be noted that certain parts of the GDPR (such as exceptions to the data subject rights and where processing is in the substantial public interest) are supplemented by Member State local legislation and guidance from local data protection authorities and the Article 29 Working Party, which becomes the European Data Protection Board under the GDPR.
Senior Associate
Email
emma.humphries@nortonrosefulbright.com
Recent publications
Publication
Preparing for change: How businesses can thrive under the EU's AI Act
On February 2, 2024, the Belgian Presidency of the Council of the European Union confirmed that the Committee of Permanent Representatives had signed the Artificial Intelligence (AI) Regulation, referred to as the AI Act. Approval by the EU Parliament followed on 13 March 2024, and the AI Act is likely to appear in the EU’s Official Journal around May 2024. The AI Act aims to establish a stringent legal framework governing the development, marketing, and utilisation of artificial intelligence within the region, thereby marking a significant advancement in the regulation of this burgeoning domain.
Subscribe and stay up to date with the latest legal news, information and events . . .