GDPR Implementation in an Airline Contact Center

Awais Abbasi
With the introduction of GDPR in upcoming May 2018, many companies that used to handle personal data of EU citizens in a more casual manner, are now at risk of facing heavy fines. Airline industry is one such example of business entity that handles and processes personal data on massive scales, which puts the airline business in the spotlight of GDPR compliance. A fair amount of such data is processed in contact centers, which makes it vital to comply with GDPR. Airlines that are not ready to adapt GDPR may face loss of reputation, loss of customer’s trust and bankruptcy because of heavy fines. In today’s age, most of airlines have outsourced their contact center business to third parties, which makes it even more complicated to define the roles and responsibilities of data controller and data processor and both entities have to reach an agreement to share the burden of compliance, in order to survive in today’s competitive environment. The idea of this thesis is to study a running case scenario in one of the major European Airline’s contact center, analyze the flight booking process from GDPR’s perspective to find out the gaps that can cause non-compliance. The solution part of this thesis is focused on filling these gaps by means of activities introduced in the flight booking process to achieve compliance, validated by expert opinion from senior staff members of Airline’s contact center.
Graduation Thesis language
Graduation Thesis type
Master - Cyber Security
Raimundas Matulevicius, Jake Tom
Defence year