L’investissement dans d’autres projets sur la connaissance et la conservation de la biodiversité contribue également à comprendre le dilemme associé aux services écosystémiques comme à la production des biocarburants durables. Si certains types de biocarburants destinés au transport routier peuvent avoir un impact négatif sur la biodiversité, le groupe Air France - KLM veut garantir l’utilisation de carburants aéronautiques durables qui ont l’impact le plus faible sur l’approvisionnement en nourriture, la biodiversité et un impact positif sur le développement local.
Passenger bookings, flight schedule management, baggage check‑in, the calculation of ticket prices, aircraft maintenance and crew information: IT is at the heart of all of Air France – KLM’s activities. Privacy and data protection constitutes a major operational and financial challenge for the business, and for customer trust.
The Air France – KLM Group manages its cybersecurity risks in liaison with the national authorities and cooperates with the relevant European agencies (EASA, ENISA). Air France – KLM also takes part in the cybersecurity working groups of the main professional airline associations (IATA, A4E, etc.) and contributes to research by associations specialized in cybersecurity (CLUSIF, CESIN, CIGREF, R2GS, European Aviation ISAC).
Permanent benchmarking and an independent cyber rating agency enable Air France – KLM to be compared with other companies in the air transportation industry. In December 2019, the Group was ranked amongst the leading large companies. Air France – KLM also calls on the expertise of leading consultants in the cybersecurity market and actively cooperates with companies with which its Information System is connected.
To offer the best level of protection on the ground and in the air, the Air France – KLM Group has developed four major cybersecurity programs in recent years:
An annual presentation on these programs is made to the Group Executive Committee and to the Audit Committee of the Board of Directors, guaranteeing sponsorship at the highest level of the company. These programs are supported by Cybersecurity Governance composed of:
In force since May 25, 2018, the European General Data Protection Regulation (GDPR) to protect personal data firstly extended the rights of data subjects and, secondly, strengthened the accountability and obligations for data controllers, requiring proof of compliance on personal data protection.
To respond to the GDPR requirements, in 2018 Air France and KLM deployed a broad‑ranging program to reinforce their cybersecurity policies and define a strengthened personal data management framework to ensure compliance with privacy by design and by default principles.
In 2020, based on a Customer Digital audit, several key points were identified which can also be applied more generally to data privacy governance:
several steps forward were achieved on improving progress monitoring within a sole governance framework with, notably, the implementation of improved meeting structures and a dashboard;
The overall effectiveness of the privacy compliance framework is assessed on a regular basis thanks to a dedicated Internal Audit program. This framework was improved and reinforced in 2019 and 2020. An ex post audit will be carried out to ensure the adequacy of the improvements made. The risks associated with the protection of privacy and data are becoming increasingly material, meaning that privacy and data protection compliance remains an absolute imperative for the Air France – KLM Group.
In 2020, alongside with of GDPR requests sent directly to the companies, Air France and KLM registered and handled a total of “14 complaints” concerning personal data complaints, 6 came from the Dutch DPA (Autoriteit Persoonsgegevens) and 8 came from the CNIL (which is the reference authority in France).