Filter By:

GDPR

Latest update 08 May 2018

OVERVIEW 

Please see the download section on the top right hand corner of this page to read the overview of this section and scroll down the page to read the latest updates on ERA's activities and position.

To view and read ERA's latest publication on GDPR please click in the download section.

ERA’S CURRENT POSITION

ERA continues to monitor for member state readiness (which is difficult to ascertain) and share any difficulties faced by member state airlines with the ERA community. Thus far, there has been little feedback from ERA or IATA member carriers in this regard. We would therefore urge members to share any challenges they may be experiencing.

In addition, ERA’s industry affairs representatives will continue to attend seminars and workshops to gather information that will assist members with preparations for the regulation.

UPDATE

Latest update 08/05/2018: In the final run-up to the implementation of the EU General Data Protection Regulation in May 2018, ERA would encourage member airlines to self-assess their operational readiness using the checklist that is available for download at the top of this page. The list itself does not cover all aspects of being compliant, however sets a clear framework as to how rigorously member airlines should be preparing in order to be compliant. 

This self-assessment checklist is part of a wider project being conducted by ERA. The outcomes of the research will be detailed in the forthcoming ERA Policy and Technical GDPR brochure for regional airlines to include prudent protection, risk analysis and process improvement methodologies.

15/03/2018: An article on GDPR recently featured in ERA's Regional International magazine is available for download from the top of this page.

05/01/2018: The ERA Industry Affairs Group were fortunate to have member Hill Dickinson present on GDPR at its November 2017 meeting. They highlighted the far-reaching nature of GDPR, as it addresses the following areas:

  • consent
  • transparency in data processing
  • online ID and profiling
  • enhanced rights for individuals
  • direct compliance obligations on data processors
  • privacy by design and by default
  • privacy impact assessments (PIAs)
  • the role of data protection officers
  • data breaches
  • cyber attacks
  • the impact of a ‘one stop shop’ – lead authority for regulatory oversight
  • accountability to NDPAs (National Data protection Agencies) and stronger enforcement
  • expanded territorial scope

The GDPR Regulation is available for download from the top of this page.

The Article 29 Working Party (WP29), an independent European advisory body, which provides expert opinions on questions of data protection, has recently published guidelines and frequently asked questions regarding the implementation of the GDPR, including guidelines on Data Protection Officers (Section 4 of the Regulation) (available for download from the top of this page), the right to ‘data portability’ (Article 20 of the Regulation) and guidelines for identifying a controller or processor’s lead supervisory authority.

The aim of the guidelines is to assist processors and controllers with complying with the law, clarifying the role of the Data Protection Officer (DPO) and offering best practice solutions, based on experience gained in some EU member states. The WP29 intends to monitor the implementation of the guidelines and potentially complement them with further solutions in due course. Stakeholders had the opportunity to provide comments to the WP29 on these guidelines until the end of January 2017, and this is something ERA will continue to monitor.

CONTACT

For further information please contact caroline.osullivan@eraa.org