
Governmental Principles


Risk Management

In Goldair Handling we have a careful and considered approach to risk. We believe that an ownership structure encourages a long-term outlook and that the systems applied help us manage risk effectively across our global operations. The BoD is responsible for mitigating the business risks, but day-to-day oversight has been delegated to the appropriate committee. Each committee, coordinating with the responsible department, runs risk identification and analysis processes regularly and establishes proposals for the management.

Extended Committee

Goldair Handling's management team meets on a monthly basis with the participation of an extended management group of opinion leaders. The Committee internalizes the strategic direction of Goldair Handling and takes collective ownership for business development. Furthermore, the Committee plays a vital part in supporting the core leadership team in designing and executing strategic priorities.

ESG Committee

The responsibilities of the ESG Committee involve the review and consideration of the ESG impacts of the business. Its members comprise executives from all major departments of Goldair Handling: Human Resources; Finance; Commercial/BD; Operations; Quality, Environment & Sustainability; Marketing; and International Network Projects, as well as the Company Vice-President. The Committee, which is headed by the CEO, meets at regular intervals and assesses the overall progress of the Company with regard to each ESG pillar.

Safety Review Board (SRB)

Health and Safety always remain foremost priorities for Goldair Handling. The Safety Review Board (SRB) is the body tasked with maintaining optimal Health and Safety conditions throughout all stations where the Company has a presence. Additionally, in Athens Station the Ground Safety Action Group (GSAG) is specifically responsible for ground operations in Athens Airport. Moreover, the Company established the Cargo Safety Action Group (CSAG) in order to supervise and evaluate the cargo's operational workplaces in safety issues. Through their joint efforts, they ensure the implementation of all related procedures and the effective management of related incidents.

GDPR Committee

The importance of the protection of personal data in Goldair Handling is highlighted by the existence of the GDPR Committee and its significant role in the operation of the Company. The GDPR Committee is headed by the BoD Vice President and supports the Management in all matters related to the application of and compliance with the rules of the GDPR framework and the management of incidents. The membership of the Committee is made up of the Internal Auditor & Data Protection Officer (DPO), the CSO, Quality & Environment Manager, the IT Manager, the Legal Advisor and Deputy Data Protection Officer.

Quality, Environment & HACCP Committee

Goldair Handling has established a framework of dedicated committees responsible for quality issues in each of the Company's stations. The main station committee includes the CEO, the CSO, Quality & Environment Manager, the Athens Station Manager as well as local managers, supervisors and process owners, and any issues identified are communicated directly to the BoD. For the regional stations, a special team consisting of the Station and Regional Manager, environmental coordinator and section supervisors documents the outcomes of its reviews and communicates them to the BoD as part of the Management Review report.

Data Protection

In the process of our daily operations, our employees come into contact with private information which requires delicate treatment and specific procedures. All issues related to data management and protection are managed by the Personal Data Protection department, which is also responsible for raising awareness on data protection practices and the implementation of the Data Protection Policy as it was revised in 2022. Goldair Handling is fully committed to complying with the European Union Regulation 2016/679 (GDPR) to ensure the proper management and protection of clients' and passengers' data. Furthermore, the Company proceeded with the following actions:

- The control of existing data protection technical measures, by implementing the necessary amendments and adaptations.
- Implementation of a secure passwords policy.
- The distribution of written instructions on the compliance of the Company's departments in matters of data management and protection.
- The revision of the internal audit plan, incorporating privacy issues.
- The design and implementation of an electronic data retrieval plan.
- The creation of a special training program on personal data protection issues, to inform all staff.

Cyber Security

Our Company maintains Cyber Security high on the agenda of sustainability, as it is a critical factor affecting all of the Company's operations. The size and exposure of the Company require special attention when it comes to Cyber Security, and thus a significant budget is allocated every year.

To preserve the security and integrity of the systems, the Company has focused on two main pillars: the IT infrastructure and the human factor. All IT systems have been implemented in line with the latest cyber security guidelines and best practices, while the latest achievement of ISO27001 simply justifies that. However, no IT system is 100% cyber secured, and so the Company has also focused on implementing as many redundancies and backup procedures as possible, to eliminate any potential data losses and ensure a quick recovery in case of a cyber-attack incident. All redundancies and backup policies are reviewed regularly to follow the Company's needs but also to adopt any new security standards and best practices of the IT industry.

Almost all types of cyber-attack incidents rely on the human factor and, more specifically, on human error. So, no matter how advanced and sophisticated the security systems the Company uses to safeguard systems and data, the human factor should always be part of the cyber security equation. For that reason the Company has issued several cyber security policies to inform and alert all users of the potential threats and the attention required from their side, while a standard cyber security training and awareness program is run on a yearly basis for all of the Company's employees. Furthermore, a social campaign is run on a regular basis to evaluate the level of awareness, in order to shape and adjust the training program accordingly. Sustainability is directly related to IT systems availability and integrity, and thus the Company treats both of them with the required level of attention and importance.



ESG & SUSTAINABILITY REPORT 2021-2022