Skip navigation
Skip navigation
You are using an outdated browser. Please upgrade your browser.

those who tackle GDPR head on have nothing to fear and everything to gain in terms of new levels of customer loyalty based on greater transparency

Taking control of your data is critical, says Lee Clarke at Dynama. Here, he assesses the implications of stricter data protection legislation on the cruise industry and offers a survival guide for today’s fastest growing leisure sector

New legislation that overrides National data protection laws comes into effect on 25th May 2018. European General Data Protection Regulation (GDPR) is the latest hot topic but what does it really mean for the cruise industry?

GDPR seeks to broaden the scope of personal privacy laws and protect the data rights of EU citizens. Individuals will have far greater control of who has their data and how it will be used. Regardless of where the company head office is registered or where corporate accounting takes place, for organizations operating cruise ships visiting European ports, employing European crew and processing European Union (EU) residents’ personal data, it’s time to prepare for GDPR.
Cruising is today’s fastest growing leisure industry and with that accolade comes responsibility for managing infinite numbers of passenger records as well as crew member details.

The introduction of GDPR will require organizations to report on data breaches within 72 hours, putting enormous pressure on new expanding businesses operating in a highly competitive marketplace. Worldwide statistics suggest that data breaches are a growing concern. According to digital security experts Gemalto (i), there were 974 publicly disclosed data breaches in the first half of 2016 which led to the theft or loss of 554 million data records, a 31% increase over the previous six months.

Moreover, just as cruising is becoming even more popular and cruise ship order books are at an all-time high, financial penalties for GDPR non-compliance are a scary prospect. Those who fail to deliver face a fine of € 20 million or 4% of their global annual turnover (whichever of the two is higher). For most companies, this could signal irreparable damage to their corporate reputation or even put them out of business altogether.
All sounds a little frightening? Take heart. The truth is those who tackle GDPR head on have nothing to fear and everything to gain in terms of new levels of customer loyalty based on greater transparency and deeper trust.

Thoughts on preparing for GDPR readiness

Achieving GDPR readiness depends on good preparation. Getting good advice is essential but what can you do to prepare in the meantime? Why not begin by taking the following three steps:

1.Know your data – it might sound obvious but it is surprising how many companies fail to identify and classify their guest and crew data:
- what type of data is held?
- where is it located?
- what levels of security are required to keep it safe?
- who has access to the data?
- how is it used?
- most importantly, have passengers and crew given their consent to its use?

2.Make data control part of the job spec – if the company is big enough or budgets allow, you may be advised to hire a dedicated Data Protection Officer (DPO) who oversees the establishment of control and processes necessary for data protection and privacy. Regardless of your approach, creating consistent processes that are clearly communicated throughout the organization and form part of working practices can help to ensure data security is a priority with all staff and crew whatever their role

3.Good training is essential - staff should know about GDPR and the impact on their role; the risks to the organization, in terms of reputation and financial damage and ultimately that there may be disciplinary risks to individuals if things go wrong. Regular updates should be relevant, reasonable and practical, ie how to deal with - passwords, destroying data, sending emails and attached files etc.

Make technology your new best friend

Relying on spreadsheets or purchasing ‘bolt-on’ IT systems is no longer enough to cover up the cracks of lazy data management. Being ready for GDPR isn’t just about finding data and making sure it is secure, it’s about capturing the context of that data and being able to prove that everything is being done to protect crew and passengers’ personal information at all times.

Automation is the way to go. Fortunately, the latest workforce management technology goes beyond ensuring the right crew members are on the right ship at the right time. Use technology as an all-round strategic data management tool to release the following benefits:

• Speed and efficiency – and the ability to manage big data. Automation and centrally stored information will also remove duplicated effort, reduce administration, time and staff costs

• Integration – an organization wide Active Directory guarantees the security of all login credentials, the crucial first step to securing crew and passengers details

• Sophisticated security – keep both crew and passenger details safe by setting up a well-defined security model that controls how data is segregated and who has the authority to access, use and change it. Customer screens can be configured to ring-fence any sensitive data that passengers choose to store for example, credit card details. Similarly, personal information such as address details can be anonymised or hidden from view when not required for personal identification but are still retained in the original records for auditing purposes

• Advanced reporting capabilities – the ability to report on data quickly and then translate it into highly visual, easy-to-grasp representations in a variety of formats is invaluable to supporting requests for information from GDPR assessors, often at short notice

• Effective compliance management - clear visibility of critical data and the automatic recording of all changes made to data provide a valuable audit trail with the hard evidence to aid compliance with GDPR legislation and so minimise the risk of financial penalties for example, by showing who accessed what data and when

• No more silos – automation encourages consistent ways of working across departments and the organisation as a whole. For example, it is possible to build a GDPR process into the system that is easy to follow and includes how to spot and deal with potential data breaches
• Accountability – the latest solutions are simple to use, interface with a variety of mobile devices and are highly configurable. They empower crew members to own data and make sure it is accurate, trustworthy and accessible. They also flag up potential critical issues, making it possible to take proactive remedial action to avert crisis situations

• Convenience and scalability – the flexibility of a future-proof system enables users to consume and manipulate data in a more connected way, whether an organization has just one cruise ship or an entire fleet. It can quickly adapt to changing GDPR requirements and associated in-house processes as they occur.

Start now! The more advanced an organization is along the way to GDPR compliance, the lower the risk of breaches occurring once GDPR comes into play. Seek professional advice and be prepared internally with a data asset register, robust processes and training then wrap them up with the right technology to create a best-practice data governance framework. Who knows, the reward could be the added bonus of greater passenger satisfaction, trust and customer loyalty.

Dynama does not offer legal advice or GDPR consultancy

Lee Clarke is Regional Director – Northern Hemisphere at Dynama DYNAMA

-ends-

About Dynama
Dynama, an Allocate Software company, builds on 25 years’ heritage and is a leading provider of maritime and defence workforce deployment software. Headquartered in London, Dynama has a fully fledged new office in Canberra (Australia) with sales and support in the USA.
Its flagship product, Dynama OneView, is designed to underpin complex workforce management in safety critical and high skill level environments, delivering both safe staffing and productivity savings.

Dynama does not offer legal advice or GDPR consultancy

For more information, visit www.dynama.global

Editors Contact
Mary Phillips
PR Artistry
tel +44 (0)1491 845553
mary@pra-ltd.co.uk

(i)GEMALTO

This press release was distributed by ResponseSource Press Release Wire on behalf of PR Artistry Limited in the following categories: Travel, Computing & Telecoms, Transport & Logistics, for more information visit https://pressreleasewire.responsesource.com/about.