Case study:

Keeping a travel company on the right side of Data Protection law

dnata Travel, a Dubai-based company with multiple UK subsidiaries, was managing Personal Data differently across its businesses, each using separate IT systems and different data capture models.

With GDPR and the Data Protection Act 2018 requirements, standardising Data Protection practices across the business became a critical need.

dnata’s IT Programme Director engaged Pathfinder to conduct an in-depth audit of current practices, identify DP risks, and recommend tailored solutions for their complex business structure.

Our solution

We pride ourselves in a tailored approach at Pathfinder, so when working with dnata we first clarified their specific needs, structure, and operations. After interviewing staff, analysing data processes, and reviewing third-party contracts, we provided a detailed report identifying key compliance risks, with prioritised recommendations and a project plan.

Delighted with Pathfinder’s initial delivery, dnata retained us to implement the recommendations and develop their compliance programme to rollout across the business, including:

  • Data Protection awareness training for all staff
  • A Data Protection Impact Assessment process for IT Project Managers and training them on how to use it.
  • Building a Data Protection Governance regime for Senior and Executive management.
  • A new framework of policies and guidance that we deployed across the entire set of companies in dnata.

Our work gave dnata visibility of the technical, legal and reputational risks the business faced when managing Personal Data. Pathfinder built both the tools and the confidence they needed to manage those risks. Above all, we made sure our approach was tailored to their specific needs.

Read our client’s testimonials:

"Pathfinder's considerable knowledge, experience and pragmatism were invaluable. They adapted quickly to a complicated company group structure and drove the project forward in all aspects, liaising well with senior stakeholders, IT Teams, the Legal Team and the wider business alike to find sustainable and workable solutions to cross-group compliance needs." 

Matthew Vaggers, Senior Legal Advisor, dnata Travel 

"Pathfinder conducted a GDPR compliance audit that was thorough and in-depth. They then backed that up with recommendations and a project plan that was both comprehensive and covered all the issues to hand. They were a pleasure to work with, and I'd recommend their services to other companies worried about GDPR compliance." 

Bruna Bonomi, IT Programme Director, dnata Travel 

Are you confident you are meeting your legal obligations under Data Protection law, and could you demonstrate proper care for customer and employee data, if asked to?

Contact Pathfinder at 020 3143 5558 or email info@pathfinderpm.co.uk to start a discussion on your needs.