On May 25th 2018, the EU introduced a new “General Data Protection Regulation” – GDPR
The General Data Protection Regulation (GDPR) aims to limit the spread of personal information and introduces strict requirements for companies that handle such data. It calls for a compliance-like review process to ensure proper data handling and protection.
This regulation came into effect on May 25, 2018, and non-compliance can result in substantial penalties—up to 4% of a company’s annual turnover, capped at €20 million.
In short, GDPR is enforced with significant seriousness.
When working with FlightLogger, it is important to understand two key GDPR roles that apply to your use of the system.
Data Controller:
This is you – the Data Controller: As the company using FlightLogger, you are primarily responsible for determining who can access personal data and how that data is handled for your European students. This means you must ensure that personal information is processed in accordance with GDPR requirements.
Data Processor:
This is us – the Data Processor: FlightLogger acts as a Data Processor, meaning we handle personal data on your behalf—for example, by generating reports based on the information you enter into the system. We process this data strictly according to your instructions and in compliance with GDPR.
Data Controller agreement
FlightLogger believes that any academy educating European citizens should establish a dedicated agreement with each student regarding data handling.
For example, EASA regulations require that student education records—such as lesson gradings—be retained for at least five years. This retention period exceeds what GDPR would typically define as “reasonable,” which is why it is essential that students formally agree to this and any additional data practices.
It is important to note that academies may also collect and manage other types of student data outside of what is stored in FlightLogger. Therefore, as the Data Controller, your organization is responsible for developing and maintaining its own GDPR compliance process to cover all relevant data activities.
This compliance process must be established, documented, and regularly reviewed to remain in line with evolving legal and operational requirements.
Data Processor agreement
Under the GDPR, all Data Controllers are required to have formal agreements in place with their Data Processors. FlightLogger is here to support you with this requirement.
We take GDPR compliance seriously and are currently working with a leading Danish law firm to prepare a standardized Data Processor Agreement. This agreement is less complex than a typical Data Controller agreement and is being designed to cover all necessary legal requirements.
We expect the agreement to be finalized within 1–2 months. To ensure compliance before the regulation’s effective date of May 25, 2018, all customers will need to accept this new agreement.
Once ready, we will notify you with instructions. Our goal is to make the process simple—most likely via an “Accept” button available directly inside FlightLogger.
More info?
Start preparing for GDPR now! If you have not yet begun this process, we strongly encourage you to get started as soon as possible.
There is a wide range of valuable information available online—simply search for GDPR to explore detailed guidelines, best practices, and official resources to support your compliance efforts.
While there is plenty of general information available, we strongly recommend that you consult with your own legal advisors.
FlightLogger cannot provide legal guidance in this area, but many law firms across the EU have already held free seminars and are well-prepared to assist with GDPR compliance. Engaging with a legal expert is the best way to ensure that your organization meets all requirements.