Summary: Since 2018, Iberia Airlines has driven its privacy program to adopt OneTrust. Started with assessments, then joined the mapping of data and cookie management. Today has greater visibility and control over the flows of personal data, which strengthens their compliance with the GDPR. Iberia demonstrated that an airline can run a program sophisticated and scalable global privacy thanks to OneTrust.
The challenge
Iberia operated with flows of distributed data and manually managed in different units (flights, web, apps, and assistance), which made it difficult to:
- Performing privacy assessments consistent and transparent.
- Clearly visualize the flows of personal data.
- Automate the management of cookies and consents on their platforms.
The solution
Iberia decided to implement OneTrust in several stages:
- Privacy Assessment Automation (2018): to automate the privacy impact assessments
- Data Mapping (2019): to create an inventory and traceability of personal data
- Cookie Consent Management: to manage automatically and centrally banners and records of consents
Results
- Automated assessments: greater agility and consistency in the management of risks
- Visibility total: flows of personal data is clearly identified and documented
- Consents centralized: the management of cookies is uniform in web and apps
Testimony of Iberia
“We now have full control over the processing of personal data that we do, with an intuitive tool that facilitates risk assessment and reporting.”
– Marta Cañas Miralles, Data Protection Officer (DPO), Iberia Airlines
Conclusion
Iberia demonstrates how a global airline can elevate your privacy with a scalable approach and systematic. The phased implementation of OneTrust allowed the company to achieve control, visibility and effective compliance in a regulatory environment becoming more demanding.
