Karen H. Shin and Alex C. Nisenbaum
Businesses in the maritime industry may not think of themselves as engaged in significant processing of personal data. However, global shipping and logistics companies regularly transport personal data around the globe. This may include passenger data, sensitive employee data, and customer business contact information used for fulfillment and marketing purposes, all of which are vital to the operations of the business.
As a result, businesses in the maritime industry need to address compliance with a myriad of quickly evolving privacy laws around the globe, including evolving requirements for employees and business contacts in major ports in California and a newly active agency to enforce Brazil’s recently passed omnibus privacy law.
The requirements relating to cross-border transfer of personal data from the European Economic Area (“EEA”) to other jurisdictions, in particular the United States, is an acute challenge for the maritime industry. Legal requirements for such transfers have undergone substantial changes in the past 15 months that require global businesses to assess and make changes to data transfer compliance strategies.
The European Union’s General Data Protection Regulation (“GDPR”) empowers regulators to impose fines of as much as four percent of global annual revenue for cross-border data transfer missteps or step in and halt non-compliant transfers, which could result in significant operational disruption. Accordingly, companies in the maritime industry cannot overlook compliance with regulatory requirements relating to cross-border data transfer.
Continue reading “Changing EU Data Transfer Requirements Create New Challenges”