It’s almost a cliché to remind you of the impending step change due to occur on 25 May 2018 as the EU General Data Protection Regulation (GDPR) prepares to take effect. However, for those with the relevant skill set, the GDPR could mean an interesting twist in your career path as you assign your talents and expertise to the newly created role of Data Protection Officer (DPO) or assist in its function within your business.
As organisations across the UK, Europe and elsewhere in the world align their business practices with the incoming directive that will see huge penalties served for data and privacy breaches; the DPO role has found a place among the job market. While there is still uncertainty surrounding the exact requirements of a DPO and more importantly whether there are the candidate resources available to fill the some 28,000 roles needed, according to a study by the IAPP, to meet GDPR requirements; the reality is that with a DPO at the helm, there is expected to be cross-business collaboration between that individual and a variety of other business functions including IT, internal audit, marketing, compliance and legal.
So, arguably, one of the most important skills for a DPO to have is strong interpersonal and communication skills as they will be expected to liaise effectively with all areas of the business, and be able to translate legal and technical jargon into accessible language as they handle requests and complaints from data subjects, as well as raise awareness of the constantly evolving threat landscape and relevant technologies that could impact the business.
There is an expectation for those filling DPO roles to bring a solid amount of industry experience to the table, with between 5-10 years being the norm for companies looking to pay an average of £80,000 to those placed in the position. Thus, a level of seniority accompanies the job of Data Protection Officer who ideally has a substantial working knowledge of data protection law, including the GDPR and other relevant EU legislation such as the E-Privacy Directive as well as any and all privacy and related laws concerning their organisation and its operations internally and externally. Experienced candidates will be in high demand for GDPR jobs as the role of DPO will also see them working closely with their company’s board and those high up in the business.
Being confident in a position of leadership, possessing the integrity to respect the confidentiality of client relationships and the access to certain information that carries, as well as some experience dealing with a variety of business personalities and cultures are all useful traits for individuals seeking GDPR related opportunities. Employers looking to fill GDPR jobs in the UK and Europe are looking for individuals able to take the initiative and be organised and assertive when it comes to orchestrating their role.
Candidates with a background in external audit, such as CPAs and CAs, with extensive experience of conducting independent audits to assess compliance with laws, standards and practices would be a great fit for the DPO role. This experience coupled with the ability to remain objective is exactly the formula of an effective DPO.
Familiarity with security and privacy risk with regards data protection impact assessments and other paperwork and procedures pertaining to best practice risk mitigation and information security standards, is another area a DPO will need some understanding in, though the ability to discuss such topics with the relevantly experienced risk professionals within their organisations is in many cases, sufficient.
The key to this role, and essentially all GDPR jobs, is being able to collaborate with fellow experts in other areas of the business which complement the DPO function to ensure your organisation’s full compliance and risk mitigation in light of the impending EU legislation.