Keeping a travel company on the right side of Data Protection law
Dnata Travel is a Dubai owned travel company with a dozen subsidiaries in the UK. Each subsidiary had its own IT systems and its own set of Personal Data on customers and employees. Approaches to managing that Personal Data varied across the companies too.
However, with GDPR and the Data Protection Act 2018 in force, the need was to ensure Data Protection across Dnata was standardised and represented best practice.
Their IT Programme Director contacted Pathfinder Project Management to carry out an in-depth analysis of Data Protection practices, highlight areas where they were at risk and advise on the best solutions for them.
For us, each client is different so we started by working to understand Dnata’s needs, its structure and its way of working. We interviewed key staff across the subsidiary companies, delved into functional areas processing Personal Data and reviewed their third-party contracts to confirm that Dnata’s suppliers were fulfilling their obligations.
From this work, we gave Dnata a detailed report calling out areas of risk in complying with the law, as well as a list of prioritised recommendations and a project plan for delivery.
Dnata was so happy with the quality of the work from Pathfinder, they asked us to stay and deliver the recommendations ourselves. We built and delivered a compliance programme for Dnata, including:
- Data Protection awareness training for all staff
- A Data Protection Impact Assessment process for IT Project Managers and training them on how to use it.
- Building a Data Protection Governance regime for Senior and Executive management.
- A new framework of policies and guidance that we deployed across the entire set of companies in Dnata.
Our work gave Dnata, visibility of the technical, legal and reputational risks they faced when managing Personal Data. We gave them the tools and the confidence they needed to manage those risks. Above all though, we made sure our approach was tailored to their specific needs.
Read our client’s testimonial below
Client Testimonial
Pathfinder’s considerable knowledge, experience and pragmatism was invaluable. They adapted quickly to a complicated company group structure and drove the project forward in all aspects, liaising well with senior stakeholders, IT Teams, the Legal Team and the wider business alike to find sustainable and workable solutions to cross-group compliance needs.
Pathfinder conducted a GDPR compliance audit that was thorough and in-depth. They then backed that up with recommendations and a project plan that was both comprehensive and covered all the issues to hand. They were a pleasure to work with and I’d recommend their services to other companies worried about GDPR compliance.
Do you know what your legal duties are under Data Protection law? Can you prove to a court that you’re looking after your customers’ and employees’ data? If you can’t answer “Yes” to either of these questions, give Pathfinder a ring on
07775 601969 or email info@pathfinderpm.co.uk