GDPR checklist and template for privacy policy
We know that many marinas and sailing clubs are thinking about the new EU General Data Protection Regulation. Therefore, we decided to create this checklist, which you can use as a starting point if you are not already fully compliant with the new regulations.
This blog post should not be used as legal advice and Harba is not responsible for any consequences of using the information in this blog post.
GDPR checklist and template
Here is a short checklist of the things that should be considered before the 25th May 2018 when GDPR becomes active:
- Any marina or club handling personal data must prepare the following 3 documents:
  - Documentation of how you handle data: You must document how you are handling data and what you are doing to ensure you comply with the regulations.
  - Data Processing Agreement: You must have a Data Processing Agreement with all suppliers processing or storing data for you. All of Harba’s customers have already received a Data Processing Agreement and you must enter into one to store data in Harba. If you store or process data with any other suppliers, you must have a Data Processing Agreement with each of those companies.
  - Privacy Policy: Companies and associations need to have a privacy policy that outlines how personal data is stored and processed. This then must be approved by everybody you are storing personal data about. To get approval from current customers we recommend using a mail campaign service like Mailchimp. Here is a guide on how to create a GDPR agreement form with Mailchimp. For new customers, you should add to your contracts that they are agreeing to your Privacy Policy by signing. Click the button below to get a template for a GDPR privacy policy from Plesner, a leading Danish law firm.
Storage and processing of personal data
Storage and processing of personal data must comply with the following:
- The data must be stored securely, which for digital data would suggest some level of encryption.
- “The registered”, your customers, are entitled to:
  - be informed which personal data you have stored about them;
  - have all data stored about them deleted upon request;
  - have data delivered to another company upon request, in a commonly used format.
- You must know whether personal data about kids under 16 is stored, and if so, you must get consent from the parents or guardians.
- You must have procedures for how to notice, report and investigate security breaches. To comply, you need to have well-documented procedures to handle data security.
- If you use IT systems to store personal data, the systems must comply with all the above.
HarbaMaster marina management software and GDPR
Here at Harba we have designed our marina management software, HarbaMaster, so it allows marinas to easily comply with GDPR.
- As a marina administrator you can easily get an overview of what personal data you have in the system.
- Your customers have personal logins and can inspect the personal data you have about them.
- It is easy to delete all customer data and the customers can request this through our system.
- It is easy to export data as CSV files, if the customer wants to deliver it to another company.
- Since Harba processes and stores data on behalf of our customers, we have a Data Processing Agreement that must be accepted by each customer (harbour).
If you have any questions regarding GDPR you are always welcome to reach out to me, Jens Christiansen, via phone +45 5190 9565 or jens@harba.co.
For questions regarding the HarbaMaster or our other products you can give Christian Elkrog a call on +45 6078 2978 or c@harba.co.
Existing customers already received the template. Please let us know if you didn’t receive it by writing to privacy@harba.co