GCBA-08 · v1.0 · Public Draft

Data Privacy and Cybersecurity

Reasonable practices for protecting client and passenger data.

Number
GCBA-08
Version
1.0
Published
2025-01-01
Next review
2026-01-01

Purpose

Reduce privacy and cyber risk in charter brokerage operations.

Scope

  • All processing of personal and passenger data.

Core requirements

  • Publish a privacy notice.
  • Apply reasonable technical and organisational safeguards.
  • Have a documented incident response process.

Examples of acceptable practice

  • Role-based access, encryption in transit and at rest.

Examples of problematic practice

  • Sharing passenger manifests with unrelated third parties.

Jurisdiction notes

  • GDPR, UK GDPR, CCPA and similar regimes may apply.

Change history

VersionDateNote
1.02025-01-01Initial public draft.
This standard is educational and does not constitute legal advice. Members must comply with applicable law and regulation in every jurisdiction in which they operate.
Feedback

Standards evolve through public consultation. Share comments, dissenting views or proposed revisions.

Contribute to this standard →