On 25 May 2018 the General Data Protection Regulation (GDPR) came into force in all EU member states, including the UK, and has an impact in all countries where we operate. 
We want to ensure that our suppliers and customers are aware of their obligations under GDPR, are taking their own advice in relation to how to comply with it and are putting in place all necessary measures to make sure that they will be also compliant with GDPR. The GDPR has extraterritorial reach and will be applicable outside the borders of the European Union. The impact of this is that non-EU based data controllers and processors, such as suppliers within our supply chains, will have to comply with the GDPR when processing data about individuals in the EU.
The steps we need our suppliers and customers to be taking to move towards their compliance with the GDPR include:
• undergoing your own GDPR readiness self-assessment and identifying how personal data is processed or controlled within your organisation;
• implementing appropriate technical and organisational measures to ensure and to be able to demonstrate that any processing of personal data will be in accordance with the GDPR;
• implementing appropriate data protection policies;
• ensuring that employees receive the relevant training in relation to GDPR;
• consider gaining security accreditations to protect against cyber attacks and personal data breaches;
• sharing no more personal data with your own suppliers or third parties than is necessary in the particular circumstances, and in any case, complying with restrictions on transfers in any contract you have with Southcoasting Navigators;
• ensuring that you are only processing personal data where you have a lawful basis to do so and you have a record of this (including a record of any consents relied upon);
• putting in measures to ensure you can support us in complying with data subject rights, notifications of any data breach or if we exercise our rights to audit your compliance; and
• ensuring that you are correctly registered with the ICO where required.
As one of our steps to compliance, we will continue as presently unless you notify us that you reject this.