Godfather of GDPR
MEMBER OF EUROPEAN PARLIAMENT
JAN PHILIPP ALBRECHT
The European Union’s General Data Protection Regulation does not take
effect until May 25. But many a travel buyer and supplier, both inside and
outside the EU, was preoccupied in 2017 with assuring the significantly
strengthened data privacy rights it enshrines for customers, employees
and all other individuals.
Issues particularly pertinent to travel managers include giving travelers
who are EU citizens the potential to know who holds their personal data
and why and figuring out whether they need to obtain traveler consent
for the treatment of their data. Suppliers need to be more diligent in their
data protection and much prompter about reporting breaches; the scandal
in which Uber took 13 months to reveal a hack of 57 million customer records was only the latest reminder. Under GDPR, companies can be fined
up to 4 percent of global turnover for violations, a threat concentrating the
minds of those who may have overlooked
this issue in the past.
According to International Association of
Privacy Professionals European managing director Paul Jordan, the “godfather of GDPR”
is Jan Philipp Albrecht. The Green Party Member of European Parliament, a German citizen
who looks even younger than his tender 35
years, shepherded the legislation through
as vice chair for the parliament’s Committee
on Civil Liberties, Justice and Home Affairs.
“Albrecht was responsible for getting GDPR
past the post. He drove a lot of the argumentation,” said Jordan.
Albrecht, a law graduate, also has been a persistent critic of Safe Harbor
and its successor, Privacy Shield, frameworks that aim to transfer personal
data from the EU to align with Europe’s stricter data protection standards.
The dominance of U.S.-based service providers makes this a deeply important issue to global corporate travel, and one expected to resurface in 2018.
Meanwhile, preparations for GDPR continue. In line with one of the
regulation’s obligations, larger travel companies rushed to appoint data privacy officers in 2017, and a travel industry GDPR code of conduct is afoot.
Many a travel
buyer and supplier
in 2017 with the
Protection Regulation and the data
privacy rights it