Page 30 - Goldair_Handling_F WEB

Governmental Principles


Extended Committee
Goldair Handling’s management team meets on a monthly basis with the participation of an extended management group of opinion leaders. The Committee internalizes the strategic direction of Goldair Handling and takes collective ownership for business development. Furthermore, the Committee plays a vital part in supporting the core leadership team in designing and executing strategic priorities.

ESG Committee
The responsibilities of the ESG Committee involve the review and consideration of the ESG impacts of the business. Its members comprise executives from all major departments of Goldair Handling: Human Resources; Finance; Commercial/BD; Operations; Quality, Environment & Sustainability; Marketing; and International Network Projects, as well as the Company Vice-President. The Committee, which is headed by the CEO, meets at regular intervals and assesses the overall progress of the Company with regard to each ESG pillar.

Safety Review Board (SRB)
Health and Safety always remain foremost priorities for Goldair Handling. The Safety Review Board (SRB) is the body tasked with maintaining optimal Health and Safety conditions throughout all stations where the Company has a presence. Additionally, in Athens Station the Ground Safety Action Group (GSAG) is specifically responsible for ground operations in Athens Airport. Moreover, the Company established the Cargo Safety Action Group (CSAG) in order to supervise and evaluate the cargo’s operational workplaces in safety issues. Through their joint efforts, they ensure the implementation of all related procedures and the effective management of related incidents.

GDPR Committee
The importance of the protection of personal data in Goldair Handling is highlighted by the existence of the GDPR Committee and its significant role in the operation of the Company. The GDPR Committee is headed by the BoD Vice President and supports the Management in all matters related to the application of and compliance with the rules of the GDPR framework and the management of incidents. The membership of the Committee is made up of the Internal Auditor & DATA Protection Officer (DPO), the CSO, Quality & Environment Manager, the IT Manager, the Legal Advisor and Deputy Data Protection Officer.

Quality, Environment & HACCP Committee
Goldair Handling has established a framework of dedicated committees responsible for quality issues in each of the Company’s stations. The main station committee includes the CEO, the CSO, Quality & Environment Manager, the Athens Station Manager as well as local managers, supervisors and process owners, and any issues identified are communicated directly to the BoD. For the regional stations, a special team consisting of the Station and Regional Manager, environmental coordinator and section supervisors documents the outcomes of its reviews and communicates them to the BoD as part of the Management Review report.

Risk Management
In Goldair Handling we have a careful and considered approach to risk. We believe that an ownership structure encourages a long-term outlook and that the systems applied help us manage risk effectively across our global operations. The BoD is responsible for mitigating the business risks but day-to-day oversight has been delegated to the appropriate committee. Each committee, coordinating with the responsible department, runs risk identification and analysis processes regularly and establishes proposals for the management.

Data Protection
In the process of our daily operations, our employees come into contact with private information which requires delicate treatment and specific procedures. All issues related to data management and protection are managed by the Personal Data Protection department, which is also responsible for raising awareness on data protection practices and the implementation of the Data Protection Policy as it was revised in 2022. Goldair Handling is fully committed to complying with the European Union Regulation 2016/679 (GDPR) to ensure the proper management and protection of clients' and passengers' data. Furthermore, the Company proceeded with the following actions:

- The control of existing data protection technical measures, by implementing the necessary amendments and adaptations.
- Implementation of secure passwords policy.
- The distribution of written instructions on the compliance of the Company's departments in matters of data management and protection.
- The revision of the internal audit plan, incorporating privacy issues.
- The design and implementation of an electronic data retrieval plan.
- The creation of a special training program on personal data protection issues, to inform all staff.

Cyber Security
Our Company maintains Cyber Security high in the agenda of sustainability, as it is a critical factor affecting all of the Company’s operations. The size and exposure of the Company require special attention when it comes to Cyber Security and thus a significant budget is allocated every year.

To preserve the security and integrity of the systems the Company has focused on two main pillars: the IT infrastructure and the human factor. All IT systems have been implemented in line with the latest cyber security guidelines and best practices, while the latest achievement of ISO27001 simply justifies that. However, there is no IT system 100% cyber secured and so the Company has also focused on implementing as many redundancies and backup procedures as possible, to eliminate any potential data losses and ensure a quick recovery in case of a cyber-attack incident. All redundancies and backup policies are reviewed regularly to follow the Company’s needs but also to adopt any new security standards and best practices of the IT industry.

Almost all types of cyber-attack incidents rely on the human factor and, more specifically, on human error. So, no matter how advanced and sophisticated the security systems the Company uses to safeguard systems and data, the human factor should always be part of the cyber security equation. For that reason the Company has issued several cyber security policies to inform and alert all the users of the potential threats and the attention required from their side, while a standard cyber security training and awareness program is running on a yearly basis for all of the Company’s employees. Furthermore, on a regular basis a social campaign is running to evaluate the level of awareness, in order to shape and adjust the training program accordingly. Sustainability is directly related to IT systems availability and integrity and thus the Company treats both of them with the required level of attention and importance.



ESG & SUSTAINABILITY REPORT 2021-2022