GDPR Two Years On: What are the lessons learnt for the aviation industry?
Contacts
Counsel
China
I am a member of the firm's Aviation team, based in Shanghai. I have extensive experience in aircraft financing and leasing transactions (both domestic and cross-border) as well as aviation related compliance matters and commercial projects.
Partner
UK
As a partner in our London-based international Privacy & Data Protection practice, I advise companies on a range of international data and privacy compliance projects, including the implementation of global data management strategies, international data transfers and data compliance issues such as the General Data Protection Regulation (GDPR) or the ePrivacy directive. I am also a member of the firm's global (i) Executive Committee (ExCom) and (ii) Diversity & Inclusion leadership group.
Related
Practices
Sectors
Trending Topics
Regions
Countries
25 May 2020 marked the second anniversary of the EU General Data Protection Regulation (“GDPR”), the EU's cornerstone data protection law that changed the regulatory landscape in Europe and exerts a far-reaching global impact.
Last year limited GDPR enforcement actions were reported throughout its first year of application; this year, we have seen increasing activity from regulators in the field of data protection enforcement and the investigation of high-profile cases, some of which have been within the aviation sector.
The GDPR has extra-territorial effect which affects many organisations in the aviation industry. The GDPR applies to these organisations where personal data is processed either (i) in the context of the activities of their establishments within the European Economic Area (“EEA”) (e.g. an airline having a sales office or branch in the EEA), or (ii) in respect of non-EEA establishments, where they process personal data in relation to offering goods or services to individuals in the EEA or monitoring the behaviour of individuals within the EEA (e.g. a non-EEA airline operating a website targeting the EEA market). Read our article for more information on how the GDPR applies to your organisation.
Airlines, airport operators and their service providers, such as ground handling companies, routinely process large amounts of personal data: information about passengers, crew and other employees as well as personal data relating to suppliers and other business contacts. The highly regulated environment in which aviation players operate and the international character of their operations add another layer of complexity in respect of data protection compliance.
In this article, we examine how the GDPR affects the aviation industry and we focus in particular on:
I. Recent data breaches and enforcement action in the aviation sector;
II. Key aspects of data protection compliance for aviation organisations; and
III. The impact of Brexit on data protection compliance.
