Skip to main content

GDPR’s Impact on Airports

14 Sep 2023
Victoria Wallace

The European Union’s General Data Protection Regulation (GDPR) was enforced in May 2018 — (January 2020 for the UK GDPR) — and while consumers dealt with an influx of GDPR opt-in emails, businesses weathered a frenzy of preparation and concern. Fast forward to today, and what has been the lasting impact of GDPR on airports?

GDPR brought about a positive revolution in data handling, which businesses initially saw as a challenge.

Even before GDPR, Heathrow Airport was fined £120,000 for a security breach. Then came GDPR, and the British Airways data breach resulted in a £20 million fine in 2018 (lowered considerably from £183 million that the Information Commissioner’s Office initially proposed). It was a stark reminder of the consequences of non-compliance. European agencies slapped fines totalling €56 million for GDPR violations in just nine months.

Proactive adherence to GDPR became crucial to avoid severe fines, public misuse claims, damage to brand reputation, and potential compensation claims.

GDPR’s Relevance to Airports

Under GDPR regulations, all airports that collect and process data belonging to EU passengers, regardless of where the airport is located, must ensure that the collection, storage, and distribution of passenger data remains secure and protected. The Passenger Name Record (PNR) system, originally used to share flight details with global security and border agencies, had to adapt to stringent GDPR rules:

  • PNR can only be used to combat terrorism.
  • Processing special category data is heavily restricted.
  • Personal identifiers are to be stripped after six months.
  • Data must be deleted after five years.

As explained by DPAS Chief Data Protection Officer, Nigel Gooding, GDPR’s scope is global and affects all international airport operators, regardless of where passengers are based.

Email Marketing in the GDPR Era

As airports ventured into ecommerce, collecting passenger data became even more crucial to personalise experiences and made GDPR’s reach more extensive. And while GDPR seemed like a hurdle for airport marketers, it became an opportunity for growth.

The push for clean data — accurate, current, and relevant — reshaped marketing strategies. Brands started valuing quality over quantity, realising that outdated or irrelevant data could harm machine learning systems. Post-GDPR, many found:

  • Enhanced data quality.
  • Improved subscriber engagement.
  • Better email deliverability and engagement metrics.

Marketers began to appreciate clean data’s potential for insights into customer behaviours and purchasing patterns.

The Positive Ripple Effects of GDPR

Since its implementation, GDPR has had a significant impact on businesses worldwide. Airports are recognising that compliance isn’t just about staying on the right side of the law — it’s about operating in a way that respects passengers’ data and prioritises security, gaining their trust. GDPR has transformed business approaches in:

  • Record Management: Regularly updating and cleaning data archives became a norm, ensuring more effective campaigns and reduced storage costs.
  • Employee Confidence: Knowing that they are adhering to the law gives employees a sense of security, which translates into enhanced customer trust.
  • Consumer Trust: With increasing cyber threats, GDPR became a means for brands to earn customer trust. Investment in cybersecurity spending are expected to reach $300 billion by 2026.
  • Worldwide Compliance: GDPR set a benchmark for global data protection laws. Complying with GDPR essentially means aligning with other international data protection standards.

Technology — like Rezcomm’s integrated system for ecommerce solutions — has emerged to ease GDPR compliance for airports. These systems offer transparent auditing, data management, and evidence of adherence, ensuring that airports effortlessly navigate the GDPR landscape.

Be GDPR Compliant with Rezcomm

While initially daunting, GDPR has cultivated an environment of trust, transparency, and innovation for airports worldwide, and Rezcomm has helped keep their passenger’s data safe. If you have further inquiries regarding GDPR’s lasting impact, our Rezcomm Data Protection Officer (DPO) and team will happily advise where they can.

If you want to learn more about using the Rezcomm Marketplace, download our brochure, watch our video, or get in touch to discuss how we can help you deliver your digital transformation strategy.