We defined a process to achieve the compliance with the GDPR that is specific tailored for the characteristics and need of regional airports.
CLIENT: Deep Blue (Internal Development Project)
Personal data managed by regional airports are very heterogenous ranging from data related to CCTV to WiFi services, from boarding card to special healthcare services. These data are exchanged with airlines and different service providers. The consequences of possible violations could be severe because could impact physical security and their treatment requires a good knowledge of the specificities of regional airports.
Deep Blue exploited its knowledge about procedures in regional airports and its research outcome in safety and cyber security, to develop a process for the compliance to GDPR, that is tailored for the characteristics and need of regional airports. The approach adopted is similar to those for achieving compliance in the safety and security domains where the experience has shown the importance of human and organizational aspects.
A process to achieve and show compliance with the GDPR based on seven steps, that is specific for regional airport and can be tailored to suit their needs and level of maturity in the treatment of personal data.