International maritime industry – beware of new and stricter data transfer requirements (GDPR)

| Insight

The EU general data protection regulation, "GDPR", implies strict requirements for transfers of personal data that are relevant also to the shipping industry.

In a recent ruling, «Schrems II», the European Court of Justice has set aside the so-called «EU-US Privacy Shield», why this is no longer a valid basis for data transfers from the EEA to the US. The ruling further sets out strict requirements where data are transferred from EEA to non-EEA countries based on other transfer mechanisms. In practice, the ruling has large consequences for most businesses, also in the shipping industry. Due to the ruling, the businesses will need to review their data transfers relating to own cross border maritime operations and the use of IT-service providers. SVW’s privacy experts works closely with our shipping team, and provides hands-on advices on how to ensure compliance with the new strict data transfer requirements.