EU GDPR and Data Protection Officers
With the way data has exploded, both within its own microcosm of technological advancements and on a global scale, demanding that organisations worldwide revolutionise the way they do business, it was inevitable that regulatory measures would mirror its evolution. The transfer of data, not only inter-departmentally but across international boundaries, has become as commonplace as post-work drinks, with twice as many risks involved should attitudes get lax.
Where there is data, there must be measures in place to protect it, and the EU GDPR, due to land in May 2018, serves to provide a necessary update to the existing EU Directive 95/46/EC as well as to individual national laws governing data protection.
For many companies there is an expectation not only to upgrade and upskill their compliance and cyber security teams but also to hire an additional body to ensure they are GDPR-ready. Data Protection Officers (DPOs) will be a key hire for most companies preparing for the new Regulation, presenting new opportunities for those with the relevant experience and skillset.
DPOs are expected both to possess the technical know-how surrounding data protection law and to be able to apply the law in practice, in order to keep organisations compliant with the Regulation. From carrying out data protection impact assessments to generating and maintaining a data protection register and managing data classification, DPOs must keep organisations informed and adequately advised of their data protection obligations and constantly monitor their compliance and performance.
In a senior role reporting to top-level management, a Data Protection Officer must be able to adapt their communication methods both to those at the helm of an organisation and to the many departments that make up the majority of the business. Strong and strategic communication skills are thus a necessity of the role. Confidence in asserting your ideas and relaying your advice to the business with authority is key, as is the need for discretion in treating the information just as you expect your organisation to treat its data.
There are many crossovers with audit, making the bridge between a career in Internal Audit or IT Audit and Data Protection a relatively simple one. Effective written and verbal communication, together with logic, reasoning and strong analytical skills, is the expertise employers look for both in their audit team and in those with the potential to take on the role of DPO. Data Protection Officers may also be asked to audit suppliers’ data protection activities, so swotting up on supplier management would give candidates an advantage. Demonstrate your aptitude for working independently and, even more importantly, that you have a strong working knowledge of the business, as this is vital for ensuring that no function is overlooked or left unexplained, so as to best protect the data created by the organisation at large.