top of page

Aviation Industry & GDPR Violations

Privacy Security and Policy is a global issue. It is however a predominant one in the recruitment world because of the nature of the system which allows for sharing and transfer of personal data. Everyone has a right to live and maintain a private life or relationship in whatever form of it with any corporate institutions or organizations regardless of the basis of such connection. Such relationship usually involve transfer or sharing of personal data and private information to serve specific purposes as recruitment, identification, purchase, shipment and other forms of application. Yet, publishing or third party disclosure of privately owned data are not allowed as that may amount to a breach of partnership terms, certain compliance and stated principles/laws. Hence, privacy policy compliance has become a major component of most company-individual relationship or transactions.

Privacy policy represents support for personal, social and professional information security, and transparency between information owners and communities, enterprises or organizations with which they are shared. Even so, everyone still possess that exclusive right to keep certain information about them undisclosed except on sparing but specific grounds of unavoidably. Similarly, the parties with which individual information are shared for whatever purpose are expected to keep them undisclosed to third parties as well as make information owners possess transparent right & close monitoring to the use of their details. Distant to this ethics, a lot of Aviation companies in the industry still live below expectations, hence are subjects of the General Data Protection Regulation (GDPR) violation.

The GDPR is a new law which strengthens the rights of individuals to privacy and protection of personal data. The law functions by placing the burden of ensuring compliance on organizations in securing the data of individuals that relate with them on one or more grounds where individuals are required to present their personal data. The law has important highlights spanning from its general provisions, to principles, rights of data subjects, controller and processor, supervisory authorities, cooperation and consistency, remedies, liabilities, penalties and lots more, all which are strategically organized and factored to form a whole that preaches privacy and personal data security. However, the clever question to ask is how exactly the GDPR is related to recruiting, especially given the current inconsistency in the aviation recruitment systems.

In the realm of recruitment, GDPR relate with three basic terms. Candidates are referred to as data subjects because they could be traced and identified via data made available to the firms. Employers are called data controllers because they determine the purpose for which data are collected, and are fully responsible for the lawful use and protection of individuals’ data. Similarly, Application Tracking Software (ATS) are referred to as data processor. This is because they process individuals’ data on behalf of the company according to preset programs. It thus become very important to learn how GDPR affect aviation recruiting across these branches to serve as illuminations to the current odds, violations and inconsistency in the industry.

First, the GDPR situates that personal data should only be requested for legitimate, explicit and specified purposes. This means that information solicited from candidates for aviation recruitment purposes are not supposed to be used for other reason other than the primary. The clause of ‘specific’ also means that such data should only be processed or used within the specified time, which other than, will result into a breach of privacy. Most aviation firms fall victim of this via ignorance inspired sense of loyalty to candidates or an unquenchable hunger for active application and resume accumulation on their platforms. They either solicit for resume, personal photos, passport copies when they do not have an available vacancy at the moment or call for data to be saved up for future application. This is a clear breach of the GDPR compliance as though it might not be against the clause of legitimacy (because the resumes are solicited for job reasons) but clearly is opposed to that of specificity and explicit purpose (especially if candidates are not informed their applications are being saved for future applications).

Similarly, the law approves that candidates consents should be sought before sensitive data are being processed. What is referred to as sensitive data include disability, cultural or genetic information retrieved for the purpose of background checks. Consents are expected to be sought in clear and intelligible way so as to help candidates decide whether to withdraw consent or approve allowance. Just like consent is needed, accessibility is equally important. Some airlines receive photos and videos via online application system without a publication of their security policy and the rights for individual candidates to delete their data on their own, when they are no longer interested in their vacancies. This is a clear privacy policy infringement. Some airlines also solicit resume, emails and other personal data from candidates and go on to share those details with other department in the dare of privacy infringement. In some instances, aviation firms keep candidates’ data for too long in their system in the name of securing future job matches for them. All these are totally against the GDPR stipulations and are nothing but dares against it. The ideal thing to do is to be transparent with candidates, supplying them with updated privacy and security as the case may be, as well as delete stale data not later than 6 months of unsuccessful applications. However, candidates are allowed to reapply to positions on their platforms in sight of new opportunities.

Further, many aviation firms and airlines faultily or ignorantly accrue all the powers, perhaps absoluteness to themselves in the processing of candidates’ data during recruitment, thus hunting down the need for transparency. This is wrong in its totality. The GDPR posted that firms must have clear privacy policies which would be unbiasedly made available to every candidates. Data is not supposed to be disclosed to other departments but used for recruiting alone. The question of transparency doesn’t end at that, it is stated by human resource professionals in compliance to the GDPR rules that job applicants have every rights to interview notes from relevant filling system. Applicants are also afforded the right to request copies of their personal data that firms hold about them. This must at best be made accessible according to specific criteria. Recruiters and employers are therefore expected to decide on the appropriate storage means for interview notes pending requests. This would also protect the firm in case applicant feel to query or contest the firm’s selection decision based on claims of discrimination. Candidates have the rights to know how they are assessed.

In cases where aviation firms utilize electronic screening portal such as video interviewing process and software systems, and they are interested in keeping applicants data in file more than the duration of the current vacancy, their application processes are expected to be in the GDPR workflow setup sync in either of these two ways. First applicants must be specifically asked if such permission is granted, upon which they would be able to keep data on their files, and if such consents are not earned, firms are not allowed to keep the applicant’s details on their systems for more than the closing period of the vacancy. This is because it has been identified that most companies secure applicants data for resale, hence tantamount to an infringement on candidates’ privacy as stipulated by guiding laws.

Fundamentally, the GDPR wants to be sure that applicants are only asked to supply job related information, ensure that their consent are sought for the processing of their data, enforce that firms must be accountable for candidates’ information and transparent in their approach to application processing, and if in use, make sure that recruitment software vendors are GDPR compliant. Consequently, as a cabin crew applicant, applicants have the right to ask a employer to delete their data. Applicants must be able to access the data to do the deleting on their own too. They can requests that corrections be made on their data in possession of any firm. Basically, the GDPR is seemingly an unbiased law that protect individuals and firms against the mishandling, unapproved transferring and merchandising of individuals’ privacy rights, while also shielding recruitment firms from legal battle with clients to avoid infringements. Henceforth, aspiring cabin crews are advised to seek for compliance in the region of their own protection with whatever aviation or recruitment firm they deal with in their career chase. Many agencies still relying on Gmails and while not many aviation firms could promise you perfect GDPR compliance, Meccti is surely a brand to trust, which has its own jobsite

10 views0 comments
bottom of page