GE101 - DATA PROTECTION POLICY

EMPLOYEE AWARENESS TRAINING

Version 1 |Effective date 01AUGUST18 | Prepared by SPI Head of Global Training | Approved by: SPI SVP Global Operations
SPI Head of Legal Department
CONTENTS

1. What is “Personal Data”?

2. Who does this apply to?
3. Why Personal Data should be protected?
4. What it means to you?
5. What to do if data security is breached.
WHAT IS PERSONAL DATA?

Any information relating to an identified or identifiable natural person

(“Data Subject”), in particular, information referring to:
• Name
• Identification number
• Location data
• Information regarding:
• physical, physiological,
• genetic, mental,
• cultural, social identity,
• religious or political beliefs,
• sexual orientation,

• plus other information….

WHO DOES THIS APPLY TO?

Think for a moment about the work you do.

What information from the previous list do YOU come into contact
with?

PNL
PIL
PSM
 WHY PROTECT PERSONAL DATA?

Legally required.

€$£
Potential fines or penalties.
(good business sense).

Respect for people’s rights for data privacy, including YOUR data.
WHAT IT MEANS TO YOU_ (Do’s and Don’t’s) 1/3
Only the minimum Personal Data shall ever be
collected.

It shall be stored safely (hard copy locked away

securely). Electronic Personal Data shall be stored only
on secure Company IT (not on unprotected personal
drives).
Password protect e-mail attachments containing
sensitive personal data (e.g. employee medical & illness
report).
You must not share Personal Data with any party
- unless authorized to do so*.

Computer users - always lock before leaving!

*e.g. written permission of the data owner, Law Enforcement Officers in the
prevention of a crime or pursuit of criminal activity, exceptions granted by law.
WHAT IT MEANS TO YOU? (Do’s and Don't’s) 2/3

DO’s:
• Follow a clean desk / work environment policy.
• Dispose of hardcopies and Swissport portable drives safely.
• Keep security doors shut (even if it might get hot).
• Ask line managers, your HR manager or Swissport Legal for help.
• Report incidents or data privacy concerns to your superior, HR or
Swissport Legal.

Remember wherever you are in the world, take care of

personal information!
 WHAT IT MEANS TO YOU? (Do’s and Don't’s) 3/3
DON’T’s:
• Do NOT share your access information with
anybody.

• Do NOT leave luggage tags lying around.

• Do NOT take pictures of any Personal Data.

• Do NOT publish or share any customer’s,

passenger’s or other person’s Personal Data via
any social media channels.

• Do NOT enter Personal Data in open, unprotected,

lists.
 WHAT TO DO IF DATA SECURITY IS BREACHED
What is a data incident?
An event where Personal Data is accidentally or unlawfully:
• destroyed, deleted, lost, or modified,
• taken out of Swissport,
• transmitted or disclosed to third parties.
Breach Notification:
IF you think there has been a data incident inform your supervisor,
your HR manager or the Legal Department without delay. They
will deal with the notification process and inform business partner or
Supervising Authority.
• A data incident must be reported to our business partner asap (e.g.
to the airline, usually within 24 hours as agreed in the contract).
• In some cases Swissport may need to file a data breach report to
the Authority (GDPR: Within 72 hours).
 Manager Do’s and Don’t’s (1/2)
DO’s
• Monitor and review your processes and identify where Personal
Data are dealt with.
• Make a check how well your people are protecting Personal Data
• Entrust the right people in your organization with Data Protection
duties, ensure instruction and monitoring.
• Consider the impact of new applications on Personal Data.
• Show commitment for Data Protection towards your employees,
with the right “tone from the top”.
• Provide trainings on Data Protection requirements to newly hired
employees as well as existing employees.
• Liaise with your peers on local, regional and HQ level to align on
Data Protection requirements throughout Swissport.
• Monitor and follow your local/state/country laws applicable.
Manager Do’s and Don’t’s (2/2)

DON’T’s

• DO NOT try to “delegate away” Data Protection responsibility.

Each Swissport company must be compliant with the laws, and its
local management is responsible.

• DO NOT implement new applications or processes without

considering Data Protection requirements and establishing a
privacy impact assessment if Personal Data are concerned.
MORE INFORMATION

Please consult your manager, your local HR, Local Legal or Data
Protection Officer or the Swissport International Legal Department if
you have any questions.

Queries can also be made to: ask.dataprotection@swissport.com

Data Protection Portal on: swissport.sharepoint.com

Full details in the Data Protection Policy

Swissport International Ltd. · P.O. Box · 8058 Zurich-Airport · Switzerland
www.swissport.com