One of the biggest changes to European data privacy law comes into effect on 25 May 2018. The General Data Protection Regulation, also known as GDPR, means that individuals will in future have more control over how their data is used. It will also ensure that organisations controlling or processing personal data will protect this more rigorously.
The aviation industry in general, and airlines in particular, handle incredibly large amounts of sensitive personal data – customer records, credit card details, employee files, security information etc. Generally the protection of this data has always been robust, with every individual having the right to know what information about them is being held on the computer system of any company, and to demand the deletion of that data if so desired and unless the company has a very good reason for retention.
Although this is a European regulation, it also demands compliance from airlines and other companies who process the personal data of European citizens, so in a worldwide industry such as aviation this will affect the majority of the major players around the world.