Governmental Principles
Risk Management
In Goldair Handling we have a careful and considered approach to risk. We believe that an ownership structure encourages a long-term outlook and that the systems applied help us manage risk effectively across our global operations. The BoD is responsible for mitigating the business risks but day-to-day oversight has been delegated to the appropriate committee. Each committee, coordinating with the responsible department, runs risk identification and analysis processes regularly and establishes proposals for the management.

Extended Committee
Goldair Handling's management team meets on a monthly basis with the participation of an extended management group of opinion leaders. The Committee internalizes the strategic direction of Goldair Handling and takes collective ownership for business development. Furthermore, the Committee plays a vital part in supporting the core leadership team in designing and executing strategic priorities.

ESG Committee
The responsibilities of the ESG Committee involve the review and consideration of the ESG impacts of the business. Its members comprise executives from all major departments of Goldair Handling: Human Resources; Finance; Commercial/BD; Operations; Quality, Environment & Sustainability; Marketing; and International Network Projects, as well as the Company Vice-President. The Committee, which is headed by the CEO, meets at regular intervals and assesses the overall progress of the Company with regards to each ESG pillar.

Safety Review Board (SRB)
Health and Safety always remain foremost priorities for Goldair Handling. The Safety Review Board (SRB) is the body tasked with maintaining optimal Health and Safety conditions throughout all stations where the Company has presence. Additionally, in Athens Station the Ground Safety Action Group (GSAG) is specifically responsible for ground operations in Athens Airport. Moreover, the Company established the Cargo Safety Action Group (CSAG) in order to supervise and evaluate the cargo's operational workplaces in safety issues. Through their joint efforts, they ensure the implementation of all related procedures and the effective management of related incidents.

GDPR Committee
The importance of the protection of personal data in Goldair Handling is highlighted by the existence of the GDPR Committee and its significant role in the operation of the Company. The GDPR Committee is headed by the BoD Vice President and supports the Management in all matters related to the application of and compliance with the rules of the GDPR framework and the management of incidents. The membership of the Committee is made up of the Internal Auditor & Data Protection Officer (DPO), the CSO, Quality & Environment Manager, the IT Manager, the Legal Advisor and Deputy Data Protection Officer.

Quality, Environment & HACCP Committee
Goldair Handling has established a framework of dedicated committees responsible for quality issues in each of the Company's stations. The main station committee includes the CEO, the CSO, Quality & Environment Manager, the Athens Station Manager as well as local managers, supervisors and process owners, and any issues identified are communicated directly to the BoD. For the regional stations, a special team consisting of the Station and Regional Manager, environmental coordinator and section supervisors documents the outcomes of its reviews and communicates them to the BoD as part of the Management Review report.

Data Protection
In the process of our daily operations, our employees come into contact with private information which requires delicate treatment and specific procedures. All issues related to data management and protection are managed by the Personal Data Protection department, which is also responsible for raising awareness on data protection practices and the implementation of the Data Protection Policy as it was revised in 2022. Goldair Handling is fully committed to complying with the European Union Regulation 2016/679 (GDPR) to ensure the proper management and protection of clients' and passengers' data. Furthermore, the Company proceeded with the following actions:
- The control of existing data protection technical measures, by implementing the necessary amendments and adaptations.
- Implementation of a secure passwords policy.
- The distribution of written instructions on the compliance of the Company's departments in matters of data management and protection.
- The revision of the internal audit plan, incorporating privacy issues.
- The design and implementation of an electronic data retrieval plan.
- The creation of a special training program on personal data protection issues, to inform all staff.

Cyber Security
Our Company maintains Cyber Security high on the agenda of sustainability, as it is a critical factor affecting all of the Company's operations. The size and exposure of the Company require special attention when it comes to Cyber Security and thus a significant budget is allocated every year.

To preserve the security and integrity of the systems, the Company has focused on two main pillars: the IT infrastructure and the human factor. All IT systems have been implemented in line with the latest cyber security guidelines and best practices, while the latest achievement of ISO27001 simply justifies that. However, no IT system is 100% cyber secure, and so the Company has also focused on implementing as many redundancy and backup procedures as possible, to eliminate any potential data losses and ensure a quick recovery in case of a cyber-attack incident. All redundancy and backup policies are reviewed regularly to follow the Company's needs but also to adopt any new security standards and best practices of the IT industry.

Almost all types of cyber-attack incidents rely on the human factor and, more specifically, on human error. So, no matter how advanced and sophisticated the security systems the Company uses to safeguard systems and data, the human factor should always be part of the cyber security equation. For that reason the Company has issued several cyber security policies to inform and alert all the users of the potential threats and the attention required from their side, while a standard cyber security training and awareness program runs on a yearly basis for all of the Company's employees. Furthermore, on a regular basis a social campaign is run to evaluate the level of awareness, in order to shape and adjust the training program accordingly. Sustainability is directly related to IT systems availability and integrity and thus the Company treats both of them with the required level of attention and importance.

ESG & SUSTAINABILITY REPORT 2021-2022