We support the aim of data protection legislation to strengthen the rights of individuals in respect of data relating to them, and we are committed to complying with our obligations whenever personal data are processed by the Aerotek Aviation Engineering Limited either as a data controller or as a data processor.
We are ensuring compliance with our data protection obligations by:
- Implementing an information governance framework to manage effectively the data that Aerotek Aviation Engineering Limited processes, inclusive of personal data.
- Completing internal information asset audits to ensure that Aerotek Aviation Engineering Limited fulfils its obligations in respect of the personal data it processes in light of new data protection and privacy rules being introduced in 2018 (most notably, in compliance with the EU General Data Protection Regulation).
- Ensuring that personal data is processed in accordance with an appropriate lawful basis and by advising data subjects of their rights.
- Employing a “data protection by design” approach to systems engineering and projects that promotes and incorporates privacy and data protection considerations from the outset. In particular, we are currently reviewing the level of safeguards required for protecting data relating to persons held pursuant to contractual and other legally-relevant constraints. This review will help ensure that appropriate organisational and technical controls are in place for the duration of the data storage lifecycle.
- Ensuring that, where applicable, personal data is anonymised, and/or pseudonymised with sufficient measures to mitigate effectively risks of later re-identification and harm to data subjects upon further processing, appropriately.
- Providing training and guidance to all staff in respect of their data protection responsibilities.
- Ensuring that the correct information governance and privacy policies are in place to support staff, notably in respect of ensuring personal data accuracy and quality, minimised data retention, and adequate security policies.
- Implementing a centralised breach reporting management process as well as an electronic data subject request process.
- Ensuring that personal data is only shared where Aerotek Aviation Engineering Limited is satisfied that third party recipients are legally entitled to further process it pursuant to appropriate data sharing agreements.
- Only working with reputable companies for data processing services that are data protection compliant and
which enter into appropriate data processing agreements.