A.) What is the GDPR?
The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union. It also addresses the export of personal data outside the EU. The GDPR aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. It becomes enforceable on 25 May 2018. (Quoted from Wikipedia)
B.) Which new legal terms do you need to know?
Some relevant definitions from Art. 4 GDPR:
Referring to final customer: ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’);
Referring to agent / fleet operator: ‘controller’ means the natural or legal person, (…) which determines the purposes and means of the processing of personal data;
Referring to YachtSys: ‘processor’ means a natural or legal person, (…) which processes personal data on behalf of the controller;
C.) What are the most relevant aspects for agents and fleet operators (= controllers)?
Art. 6 GDPR: Lawfulness of processing
Processing shall be lawful only if and to the extent that at least one of the following applies:
- the data subject has given consent (Art. 7 GDPR) to the processing of his personal data (…);
- processing is necessary for the performance of a contract to which the data subject is party (…);
- processing is necessary for compliance with a legal obligation to which the controller is subject (e.g. tax law obliges the controller to keep invoices for X years);
- processing is necessary for the purposes of the legitimate interests pursued by the controller (…), except where such interests are overridden by the interests (…) of the data subject which require protection of personal data, (…)
The last point (4) will give lawyers a lot of work for the next decade. YachtSys as processor will help you avoid that by complying with points 1, 2 and/or 3.
Art. 13 GDPR: Data privacy declaration
You need a data privacy declaration on your website. For that, contact your lawyer or use a privacy statement generator, which you can find via Google.
For German website owners here is a good source:
http://wbs.is/rom88
This generator also produces data privacy declarations in English, but unfortunately you will have to go through the questionnaire in German.
Art. 15 to 22 GDPR: Various customer rights
These customer rights are much discussed, but you will see that in your daily business they will most probably not play a bigger role than they already do now, so we mention only the most relevant:
- right to rectification
- right to be forgotten
- right to data portability
- right to object
D.) How does YachtSys, the “processor”, support you and your business?
YachtSys has already undertaken all measures to fulfil the requirement of security of processing of customer data according to Art. 32 GDPR by using SSL encryption, dedicated servers with professional firewall protection in a renowned server farm (Hetzner), internal regulations, etc.
The following features are planned to launch on YachtSys and connected widgets by 21 May 2018, with any bug fixes completed by 25 May 2018:
- Integration of explicit consent in all our widgets and request forms of generation 3.0
- Integration of explicit consent in CRM when uploading crew list, skipper license, etc.
- Tools to manually delete clients according to certain criteria
- Tools to correct and export customer data upon request of client
- Agreement which confirms that YachtSys processes client data according to GDPR - Download.