«We knew we had to do something about it, but we did not know how much work it would be. Looking back, it was quite a job. However, we are happy that the EU forced us to sharpen our attention on how we store all sorts of information about people. It was a steep learning curve, but it was a necessary exercise,” say Kathrine Bogen, Karianne Nordby and Trond Helland.
Knowledge about your identity and personal profile is a core business idea for global players such as Facebook, Google, Microsoft and Apple. This is knowledge with a price in a market for marketing, research, justice and even crime. All employees on shore and at sea in Seatrans leave valuable information about themselves in various data systems. How are these identities taken care of? Relax. You are safe. However, GDPR was a wake-up call from Brussels to all businesses in Europe – and beyond.
“We started last autumn and had a real kick-off in February this year. We found that we had to look at some 60 to 70 different applications in use within our company,” IT Manager in Seatrans Ship Management (SSM) Trond Helland explains. “We had to go thoroughly through what service agreements we had with external data suppliers and maintenance companies and how they treated sensitive identity data.”
“We also developed a policy statement for all companies within the Seatrans family and their websites. We do not use cookies because we don’t need the information a visitor on our sites leaves behind. But for Human Resources and Crewing, this kind of information is within the core of what we are doing. The good thing is that we are allowed to store information about any person once the permission is given to do so, and you do not store more than you need for the agreed purpose. Through the process of implementing GDPR, we have become much more aware of what this mean in practice. And not least, we have achieved annual routines for deleting information that we do not need anymore. One example is CVs from persons applying for a job they didn’t get,” Karianne Nordby at the Human Resources Department, SSM explains.
“Remember, this is not only related to binary data. Some (..) of us had to carefully go through our folders and shelves and shred papers with sensitive
information. A few of us got a cleaner desk and more space on the shelves,” Kathrine Bogen continues. “I would say I am happy for the EU initiative to take up the battle against the global moguls, forcing them to take part in protecting all European citizens in this field. An American has by far so many more rights to protect their identity from being sold to third parties,” Kathrine concludes.
The three aim to greet their colleagues with a positive attitude. “I mean, initially GDPR was not an exciting thing to jump into. We had a very positive and obligatory general meeting where we presented the project and the beneficial aspects related to GDPR. Since then, we have noticed how the positive Seatrans spirit made this a great project for the organisations we work in,” Trond says. “And the job will never be over. GDPR
is part of our way of working and of the awareness of the valuable information we have about people around us,” Kathrine adds.
GDPR at sea
The next phase in the GDPR project is to ensure that
all personal information stored on board the vessels follows the GDPR requirements. This might partly be a reality already. Some personal information about the crew members has to be stored on board. With the GDPR guidelines in mind, the routines and systems on board will be brought into compliance with the new and protective requirements. GDPR is expected to be a central topic on the Top2 seminar this winter.
Privacy statement – GDPR
If you want to know more about how Seatrans complies with the GDPR requirements, you can take a look at the website http://www.seatrans.no/privacy-statement-gdpr/