← All case studies

Aviation

Leading European airline

A central PII platform on Google Cloud. GDPR access and erasure requests went from weeks of manual work to minutes, with audit-grade evidence baked in.

Leading European airline
Client

A European airline serving millions of passengers a year. Their systems hold a lot of personal data on those passengers: profile information, booking history, payment details, frequent-flyer activity, travel preferences.

After GDPR came into force in 2018, the airline had to answer two new categories of customer request: subject access (give me everything you have on me) and erasure (delete it). Customer data lived in dozens of separate systems built up over decades, including reservations, loyalty, customer service, marketing, and operational platforms, with overlapping but inconsistent records of the same passenger.

Challenges

The fragmented data setup turned every GDPR request into a manual investigation:

  • Locating a single customer’s data meant searching dozens of systems by hand.
  • End-to-end response time stretched into weeks, well beyond the 30-day window GDPR expects.
  • Each team handled requests slightly differently, which created compliance risk and inconsistent customer experience.
  • The manual process produced poor audit trails. It was hard to show who accessed what data, when, and why.
  • Headcount that should have been working on product was tied up answering GDPR requests instead.
  • As more passengers learned what they were entitled to, request volume kept climbing, and the manual process did not scale with it.
What we did

We designed and built a centralised PII platform on Google Cloud:

  • A central PII repository on Cloud Spanner, used as the single source of truth for personal data, with ETL pipelines pulling and reconciling data from the legacy systems on a regular schedule.
  • A workflow engine on Cloud Functions and Pub/Sub that handled access and erasure requests end-to-end. On an access request, it compiled a complete report. On an erasure request, it propagated the deletion across connected systems.
  • Tight access controls and encryption around the central repository, plus structured audit logs (who, what, when, why) for every interaction with the data.
  • Capacity headroom for 10,000 requests per second, so growing volume would not force a rebuild later.
  • A self-service portal where customers could submit requests and authorised staff could process them, with identity verification on both sides.

The platform ran on Cloud Spanner, Pub/Sub, Cloud Functions, and Stackdriver, which kept it compact enough to operate without a dedicated SRE rotation.

Results
  • GDPR requests went from weeks of manual work to minutes.
  • Staff who had been doing manual data searches moved back onto product work.
  • Audit evidence for GDPR responses became consistent and easy to produce, which made internal and external reviews much cheaper.
  • The airline could respond to passengers inside the GDPR window without scrambling, which helped its standing with both regulators and customers.
  • Capacity headroom was large enough that growing request volume did not require new infrastructure work.
  • The central PII model also gave the data and analytics teams a cleaner view of customer data than they had before.

Working on something similar?

Send a few sentences about what you're building. We'll be honest about whether we can help.

Start a conversation