In Compas, this feature can be found through: Admin | System | GDPR Setting.
The General Data Protection Regulation (EU) 2016/679 (GDPR) is a regulation in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA). It also addresses the transfer of personal data outside the EU and EEA areas. The GDPR aims primarily to give control to individuals over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.[1] Superseding the Data Protection Directive 95/46/EC, the regulation contains provisions and requirements related to the processing of personal data of individuals (formally called data subjects in the GDPR) who reside in the EEA, and applies to any enterprise—regardless of its location and the data subjects' citizenship or residence—that is processing the personal information of data subjects inside the EEA.
Controllers and processors of personal data must put in place appropriate technical and organisational measures to implement the data protection principles. Business processes that handle personal data must be designed and built with consideration of the principles and provide safeguards to protect data (for example, using pseudonymization or full anonymisation where appropriate). Data controllers must design information systems with privacy in mind, for instance use the highest-possible privacy settings by default, so that the datasets are not publicly available by default and cannot be used to identify a subject. No personal data may be processed unless this processing is done under one of six lawful bases specified by the regulation (consent, contract, public task, vital interest, legitimate interest or legal requirement). When the processing is based on consent the data subject has the right to revoke it at any time.
Note: This feature is activated by Netvision only when requested by the client.
How GDPR is set in the System?
In Compas to set the GDPR, please check in the Admin Panel, under the System Section.
Select if the setting is for Compas Office/On-board or Crew Application.
Enable Automation - This will enable the process from Client side. However, this will not have any effect until the process is activated by NetVision on server side. This option is provided to clients to temporary suspend the process if required for any reason.
The process itself is divided into 2 parts / steps.
Step 1
The first step includes the list of personal data that has to be deleted after X months, X being the months after the crew has resigned / been dismissed, this is defined by the client. i.e. I want to delete all these items of personal data after 6 months. The period configured here should be in accordance to the company’s data retention policy, with regards to crew members personal & non-financial related data.
For the scanned copies of various items, they will be deleted along with the data record. No additional setup is required for this.
For the contract details (data record), it is linked to crew payroll, hence cannot be deleted.
Step 2
This step allows full deletion of the data elements left unchecked in the system under step 1, after Y (greater than X) months since the seafarer has resigned / been dismissed (if the check box is checked). This period is generally governed by the local jurisdiction of the crew employer with regards to data retention for various auditing requirements. Here the client has the option to either anonymise the crew name or leave the same as-is.
User Permission
If for any crew member, we need to retain all data and this crew member should not be included in the GDPR process, for such crew member, on the crew profile, the users can exclude the crew member from GDPR process, by clicking on the Green Lock icon (Included in GDPR processing) and turning the icon to Red Lock (Excluded from GDPR Processing).
Silver Key icon is now for changing the password
The user is required to have the Crew page > Personal details - Lock permission on the permission tree.
Movement
External Sea – will delete All External Sea Service recorded on the Crew Profile.
Pre-employment Checks - will delete recorded Pre-employment Checks and uploaded documents
Seniority starting point – will delete the Seniority balance starting point and all computed data.
Personal
Personal Details-will delete the information from crew profile - main page.
Address – will delete Address section under Personal tab, as per below:
Contact - will delete Contacts section under Personal tab: Family - will delete Family members details under Personal tab.
Family - will delete family members details under Personal tab
Union – Data under the Union section is deleted when checked.
Additional Information- will delete Additional Information under Personal tab
Education - will delete Education records under Personal tab
Comments - will delete all the Comments recorded under Personal tab
Security questions - will delete Security questions.
Crew Chat - will delete Crew Chat under Personal tab.
Traveller Profile - will delete Traveller Profile under Personal tab.
Crew Sticky Notes - will delete the recorded Sticky notes.
Working gear – will delete records related to the Working gear issued to the crew.
Crew contract scanned documents – will remove the scanned contract attached under Service > Contracts. The contract data record will not be deleted as this is linked to closed payrolls.
Crew Photo – will remove crew’s photo from crew profile.
Bank Accounts & Payments - anonymize processed payment bank draft details, including Beneficiary details such as name and account number. These records cannot be deleted as they are linked to payments and closed payrolls.
Service
Assignments - will delete the recorded Assignments as per below:
Long service award - will delete Long service award records.
Nominations - will delete Nominations records
Programs – is deleting the Programs recorded under Service tab.
Readiness - will delete the readiness records.
Flights - will delete crew recorded Flights.
Documents
When checked will delete the following sections under Documents & Flag Docs. tabs:
Authentications / Certificates / Books / Licences / Passports / Visa / Vaccinations / Acknowledgment / Dispensations / Maritime Legislation Exams
Training
When checked will delete the following sections under Training tab:
Activities / Training Requests / Elearning history / Study grant / Drills / CBT Results Competency
Evaluation
E-Appraisals - will delete the recorded appraisals under Evaluation tab as per below.
Medical
When checked will delete the following sections under the Medical tab, as per below print screen:
Medical Examinations / Medical Events / Drug & alcohol tests / Health Insurance.
Comments
Article is closed for comments.