Supplier Spotlight

Latest video

Forming the future of Wanaka Airport

Residents in Wanaka, New Zealand, were encouraged to join conversations on the future of Wanaka Airport at interactive community and stakeholder engagement sessions. Discussions surrounding what the hub could evolve into by 2045 included the airport’s strengths, thoughts on the return of scheduled services and opportunities for growth.

18th June 2018

The future of flying

The European Business Aviation Association (EBAA) has published a report in cooperation with young people think tank ThinkYoung called Expanding Horizons: How Millennials see the Future of Business Aviation. The survey asked young people aged 18-25 in Germany, France, the UK and Switzerland about mobility, business aviation and the future of sustainable personal air transport. Read more on Andrea Gerosa, founder of young people’s think-tank ThinkYoung, thoughts here

04th June 2018

How many trade visitors is this week's Farnborough Airshow expected to attract? 

Web Exclusive Articles

« back to listing

Brace yourselves - GDPR will soon be landing

The General Data Protection Regulation (GDPR) comes into effect in May and businesses must start preparing early to get a plan in place for its arrival, according to Paula Tighe, information governance director at law firm Wright Hassall.


Key decision makers must sit down together and start devising a strategy that meets the requirements of GDPR if they are to achieve compliance in time for May.

Raise awareness and register it
Firstly, recording the transition process to GDPR compliance is an effective way of proving your company is willing to meet the new requirements. Also known as the data register, this record will show what data the business currently holds and where it originated from, outlining the organization’s reasons for processing it.

Compliance is not designed to obstruct or limit a business, but it instead questions existing processes and procedures to improve overall standard.

Businesses should review their existing digital and hard copy format privacy notices and policies and consider if they are concise, written in clear language, easy to understand and easily found.

It is also important to review how these notices and policies are communicated to the data subjects – it’s important that they are explained thoroughly, and that individuals understand how to lodge a formal complaint with the Information Commissioner’s Office if necessary.

Rights of the individual
The aim of GDPR is to give data subjects greater control over their personal data, allowing them to request that their personal information is edited or even deleted at any time. Perhaps one of the key drivers of the changes is the right for an individual to prevent their data being used for direct marketing purposes, as well as their right to challenge and prevent automated decision making and profiling.

Regardless of complaints, adopting transparent procedures will help mitigate potential future problems with the regulator. If companies already handle data carefully under the current guidelines, the transition to GDPR should not be a cause for concern.

Never assume consent
Obtaining and handling consent for the use of personal data is a bit of a tricky area under GDPR. Individuals must give clear consent for their data to be used, and if companies plan on using it differently to what was first agreed, they must obtain separate consent. Whatever way businesses attempt to obtain or confirm consent will help mitigate any future problems at the hands of the regulator.

Where data processing could pose a significant risk to individuals because of the technology that is being used or the scale of the processing, companies should undertake a Privacy Impact Assessment (PIA).

These assessments will help businesses and the regulator decide the likely effects on the individual if their data is lost or stolen and should form part of your ongoing processes. Companies need to ensure they have a robust process for making the assessments and then record it, along with the outcome.

If a business routinely deals with personal data on a large scale, then it could be worth recruiting a dedicated data protection officer to oversee procedures, ensuring compliance at all times.

Companies must also consider written records, which are also covered by the regulations. It is important to ensure all staff are trained on the correct handling of personal data.

Remember, recording the compliance process using a data register is ultimately the most effective way to protect against data breach claims. Those organizations who can prove willingness to comply will fare better than those that don’t.


Paula Tighe is a qualified data protection professional and leads the trusted advisor information governance service. Experienced in working with small, medium and large private and public bodies, Paula advises on a range of data protection issues, including training design and delivery, marketing, housing, project management and ICT security.

Wright Hassall, a full-service law firm, advises clients across a variety of sectors including advanced manufacturing and engineering; food and agriculture; housing, development and construction; and gaming and digital media. Find out more at

October 30, 2017



Your email address:

Read Latest Issue

Exclusive Articles

George Galanopoulos, managing director of Luxaviation UK, talks to BAI about peak season operations, the influx of millennial passengers and new helicopter partnerships.
Click here to read more

Annika Abraham, managing director EMEAA at Avinode Group, speaks exclusively to BAI about the evolving technology in business aviation, the company’s expanding customer offerings and her career to date.
Click here to read more

John Dewing, flight support operations and facilities manager at SaxonAir, talks to BAI about potential business opportunities offshore, renewable energy and Brexit.
Click here to read more

Submit your industry opinion

Industry BlogDo you have an opinion you'd like to share with the business airport community? Good or bad, we'd like to hear your views and opinions on the leading issues shaping the industry. Share your comments by sending up to 500 words to

Submit Your Recruitment Ad

Recruitment AdTo send us your recruitment advertising or to receive information on placing a banner please email

Supplier Spotlight

Supplier Spotlight Want to see your company included? Contact for more details.