What is GDPR?

GDPR

The legislative and operational concerns of General Data Protection Regulation and how it relates to the maritime industry.

Step 1 of 4 (12 minutes read)

What is GDPR?


The General Data Protection Regulation (GDPR) has the purpose of protecting natural persons from the consequences of incorrect processing of their personal data while allowing the free movement of such data. GDPR is a model act for the protection of personal data and has applied since 25 May 2018 throughout the EU and the EEA.

GDPR replaced the previous legislation, the Data Protection Directive (DPD), which was enacted in 1995. The DPD was a European Union directive regulating the processing of personal data within the EU and the free movement of such data, and it was therefore a component of EU privacy and human rights law.

The European Union considered the protection of personal data to be a fundamental right of every person, and with this act the EU wanted to achieve an area of freedom, security and justice for all.

This regulatory instrument is used as a model for national laws worldwide, ranging from the UK and Turkey to Japan and South Korea. It applies to any organisation within the EU and EEA, and to any organisation outside the EU and EEA that offers goods or services to customers or businesses within the EU and EEA. Likewise, if you monitor the behaviour of people within the EU and EEA, you also have to comply with GDPR.

The Principles of GDPR

The GDPR rests on seven main principles, which are outlined in Article 5. This means that if you process personal data, you must do so according to the following seven principles:

  • Lawfulness, Fairness and Transparency.
  • Purpose Limitation.
  • Data Minimisation.
  • Accuracy.
  • Storage Limitation.
  • Integrity and Confidentiality.
  • Accountability.

The rule of law is not optional in the European Union. It is a must.

Jean-Claude Juncker, Prime Minister of Luxembourg 1995-2013.

Hence, processing must be lawful, fair and transparent to the data subject. You may only process data for the legitimate purposes that were explicitly specified to the data subject when you collected it. You should collect and process only as much data as is absolutely necessary for the specified purposes and nothing more. Additionally, you must keep personal data accurate and up to date.

You may only store personal data for as long as necessary for the specified purpose. Processing must be done in a way that ensures appropriate security, integrity and confidentiality (for example by using encryption), and the data controller is responsible for being able to demonstrate compliance with all of these principles.

What is the Language of GDPR Legislation?

GDPR legislation uses several important terms, which are defined below to aid understanding:

Personal data
Any information relating to an identified or identifiable natural person (the data subject).
Data subject
The person whose personal data is processed.
Data processing
Any operation performed on personal data, whether automated or manual (including collecting, recording, organising, structuring, storing, using or erasing data, or any other action).
Data controller
The person or organisation that decides how and why personal data is processed.
Data processor
A third party that processes personal data on behalf of a data controller.
Data breach
When personal data you are responsible for is disclosed, accidentally or unlawfully, to unauthorised recipients, or is altered, or is made temporarily unavailable.
Genetic data
Personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question.
Biometric data
Personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, which allows or confirms the unique identification of that natural person, such as facial images or dactyloscopy (fingerprint) data.
Profiling
A form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

Categories of Personal Data.

The Penalties of Non-Compliance

GDPR is one of the toughest privacy and security laws in the world. As stated above, everyone who operates within the EU and EEA, or works with clients in those areas, has to honour the GDPR.

If, for some reason, an organisation breaches this regulation, there are several consequences. These include the following:

Fines
The GDPR gives supervisory authorities the power to issue fines of up to €20 million or 4% of the breached organisation's annual global turnover (whichever is greater).
Enforcement action
After an investigation by the supervisory authority, the organisation will be required to address the areas that fail to meet GDPR requirements before a follow-up review.
Containing and responding to a breach
The average cost of each lost or stolen record is $141 (about €115), and the total average cost of a security breach is $3.62 million (about €3 million).
Reputational damage
Abnormal churn is a cost of a data breach; it is driven by the number of breached records and by the loss of customers afterwards. Organisations cannot undo the size of a breach once it has happened, but they can mitigate the abnormal churn by responding well to the incident and managing their reputation.

Since the GDPR came into force, several of the biggest companies in the world have been fined. For instance, H&M was fined €35 million for monitoring several hundred employees. WhatsApp was fined €225 million because, according to the supervisory authority, it had not been transparent enough about how it handled personal information. Amazon's fine is the largest so far, a total of €746 million, and it relates to cookie consent. Of course, companies can appeal these fines, and they can be reduced.