Supplier Spotlight

Latest video

A look inside the world's only private Boeing 787 Dreamliner

Visitors to Dubai Air Show 2017 had the opportunity to explore the world's only private Boeing 787 Dreamliner. The jet is operated by Deer Jet and managed by UAS International Trip Support, and features a main lounge that accommodate 16 guests, two large dining tables, an enclosed master bedroom, and fully fitted bathroom.

27th November 2017

Duncan Aviation begins work on US$70m Utah maintenance facility

Duncan Aviation has begun construction on a new US$70m business aircraft maintenance, modifications and paint complex in Provo, Utah, in the USA. The company will add nearly 275,000ft² of buildings, with a 222,000ft² maintenance and modifications center and a 53,000ft² paint facility.

23rd October 2017

Would you, or have you, altered your customer offering to cater to millennials?

Web Exclusive Articles

« back to listing

Brace yourselves - GDPR will soon be landing

The General Data Protection Regulation (GDPR) comes into effect in May and businesses must start preparing early to get a plan in place for its arrival, according to Paula Tighe, information governance director at law firm Wright Hassall.


Key decision makers must sit down together and start devising a strategy that meets the requirements of GDPR if they are to achieve compliance in time for May.

Raise awareness and register it
Firstly, recording the transition process to GDPR compliance is an effective way of proving your company is willing to meet the new requirements. Also known as the data register, this record will show what data the business currently holds and where it originated from, outlining the organization’s reasons for processing it.

Compliance is not designed to obstruct or limit a business, but it instead questions existing processes and procedures to improve overall standard.

Businesses should review their existing digital and hard copy format privacy notices and policies and consider if they are concise, written in clear language, easy to understand and easily found.

It is also important to review how these notices and policies are communicated to the data subjects – it’s important that they are explained thoroughly, and that individuals understand how to lodge a formal complaint with the Information Commissioner’s Office if necessary.

Rights of the individual
The aim of GDPR is to give data subjects greater control over their personal data, allowing them to request that their personal information is edited or even deleted at any time. Perhaps one of the key drivers of the changes is the right for an individual to prevent their data being used for direct marketing purposes, as well as their right to challenge and prevent automated decision making and profiling.

Regardless of complaints, adopting transparent procedures will help mitigate potential future problems with the regulator. If companies already handle data carefully under the current guidelines, the transition to GDPR should not be a cause for concern.

Never assume consent
Obtaining and handling consent for the use of personal data is a bit of a tricky area under GDPR. Individuals must give clear consent for their data to be used, and if companies plan on using it differently to what was first agreed, they must obtain separate consent. Whatever way businesses attempt to obtain or confirm consent will help mitigate any future problems at the hands of the regulator.

Where data processing could pose a significant risk to individuals because of the technology that is being used or the scale of the processing, companies should undertake a Privacy Impact Assessment (PIA).

These assessments will help businesses and the regulator decide the likely effects on the individual if their data is lost or stolen and should form part of your ongoing processes. Companies need to ensure they have a robust process for making the assessments and then record it, along with the outcome.

If a business routinely deals with personal data on a large scale, then it could be worth recruiting a dedicated data protection officer to oversee procedures, ensuring compliance at all times.

Companies must also consider written records, which are also covered by the regulations. It is important to ensure all staff are trained on the correct handling of personal data.

Remember, recording the compliance process using a data register is ultimately the most effective way to protect against data breach claims. Those organizations who can prove willingness to comply will fare better than those that don’t.


Paula Tighe is a qualified data protection professional and leads the trusted advisor information governance service. Experienced in working with small, medium and large private and public bodies, Paula advises on a range of data protection issues, including training design and delivery, marketing, housing, project management and ICT security.

Wright Hassall, a full-service law firm, advises clients across a variety of sectors including advanced manufacturing and engineering; food and agriculture; housing, development and construction; and gaming and digital media. Find out more at

October 30, 2017



Your email address:

Read Latest Issue

Exclusive Articles

Patrick Margetson-Rushmore, chief executive of charter operator Luxaviation UK, looks at how business aviation manages the practicalities and paperwork of transporting pets
Click here to read more

David Ryan, chairman of the NBAA Safety Committee, outlines the five main considerations for improving safety in business aviation operations
Click here to read more

In a bid to enhance and develop the UK general aviation industry, the government has appointed Byron Davies as its first ever general aviation champion. BAI talks to him about the role and what the next 12 months will hold
Click here to read more

Submit your industry opinion

Industry BlogDo you have an opinion you'd like to share with the business airport community? Good or bad, we'd like to hear your views and opinions on the leading issues shaping the industry. Share your comments by sending up to 500 words to

Submit Your Recruitment Ad

Recruitment AdTo send us your recruitment advertising or to receive information on placing a banner please email

Supplier Spotlight

Supplier Spotlight Want to see your company included? Contact for more details.