en fr

Data privacy and IT systems protection

Whether for passenger bookings, flight schedule management or aircraft maintenance, etc., information systems are at the heart of all of Air France-KLM’s activities. For the Group, the protection of personal data, a key element in the trust accorded to the Group by its customers, is a priority focus.

Permanent benchmarking and an independent cyber ranking agency enable us to remain informed of the measures implemented by other air transport industry players and thus adapt our own processes if necessary. In December 2021, the Air France-KLM IT centers had a cyber score situated above the top end of the range for the air transport industry.

To manage cyber-security risks, the Group’s strategy is underpinned by several initiatives:

To offer the best level of protection on the ground and in the air, Air France-KLM has reinforced its teams dedicated to cyber security and increased the financing of a number of major programs:

An annual presentation on these programs is made to the Group Executive Committee and to the Audit Committee of the Air France-KLM Board of Directors, guaranteeing sponsorship at the highest level. These programs are supported by a Cyber Security Governance composed of:

Data privacy

Since the Group is well aware that the protection of private lives and personal data is an increasingly sensitive subject, and rightly so, it places this issue at the heart of its priorities and ensures the highest level of regulatory compliance.

In 2022, in addition to strengthening the existing processes for Data Privacy governance, the management of data compliance breaches and training as part of the annual compliance program, the main focus was on the compliance of transfers of personal data outside the European Economic Area, after the invalidation by the Court of Justice of the European Union of the Privacy Shield in the “Schrems IT” case. As a consequence, the European Data Protection Board (EDPB) recommended, for these transfers,  the performance of Data Transfer Impact Assessments (DTIA) and the use of new models of Standard Contractual Clauses. 

The overall effectiveness of the Data Privacy management system is regularly evaluated thanks to a dedicated Internal Audit program. This framework has been improved and reinforced since 2019. An ex-post audit will be carried out to ensure the adequacy of the improvements made.

In 2022, in parallel with the GDPR (European General Data Protection Regulation) requests sent directly to the airlines, Air France and KLM recorded and handled a total of 9 complaints concerning personal data privacy: 1 from the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) and 8 from the CNIL.

See more post