What Does a Data Protection Officer Do?
Data protection has become a more centralised issue for modern businesses, particularly since the advent of the EU GDPR in 2018. As such the demand for those with the experience and skills to take on the role and/or responsibilities of Data Protection Officer is high.
Still a relatively new role in many companies, the practical application of Data Protection Officer jobs will vary from one organisation to another. Smaller and medium-sized firms are less likely to carve out a specialised role, preferring instead to add those data protection duties onto an existing well-qualified employee. Whereas larger organisations, or any size firm whose focus is on data collection or storage, will have an allocated Data Protection Officer (DPO).
The DPO is a company’s compliance conscience. They are responsible for implementing data protection, and data privacy strategies and maintaining a culture of compliance throughout the organisation.
They do this by creating a set of guidelines for everyone in the business, from the most senior to the most junior, and ensure they are adhered to. This could also involve setting up training for relevant employees, mentoring certain employees with specific skills, and monitoring the company’s Data Processors.
They will also need to make sure all data is up to date and that policies involving destruction of data are followed. So in this regard they must be able to demonstrate an in-depth understanding of current data protection legislation, though also be aware of any changes coming. Subscribing to relevant blogs, newswires, newsletters and so on is useful so that they can be one step ahead.
The DPO will be called upon to communicate important information to senior management, and as this will typically involve highly sensitive data, the type of person who works in Data Protection at this level will need to be discreet and handle that information in an appropriate manner. They should also be able to communicate clearly and across all areas of the business. Part of the job is to educate the company about compliance as well as to be the go-between for the company with any supervisory bodies such as regulators and so on, that oversee data-related activities.
Beyond communication skills, a good Data Protection Officer needs to be proficient in IT skills and have some experience in certain software applications that are necessary for the role, such as SolarWinds, LogicGate, privIQ and Wired Relations. Working in Data Protection also requires some practical experience within cyber security, dealing with real security incidents in that role that will help inform their handling of risk assessments, relevant cyber security countermeasures and data protection impact assessments.
The Data Protection Officer acts as legal consult on privacy, data-sharing and the transfer of data as well as drafting, negotiating and reviewing any data protection-related documentation. The job requires those that are quick to pick up new information and skills as privacy laws and policies are ever-changing and data itself is an area in a state of perpetual innovation and flux.
Most companies like to pluck their DPO from their internal pool of employees as that person will already be furnished with a solid understanding of the how the business operates and the specific data handling needs of that industry. So those people who have already been working in the organisation for 5 or more years, typically in a privacy or compliance-related, or risk management position will be first up on the hiring manager’s list. Though it is critical for that person to retain an objective independence when moving into the role of Data Protection Officer as they must be able to provide unbiased and honest advice to the business.
You can come to a Data Protection Officer role via Information Governance, Information Security. HR, Cyber Security, Information Technology, or even Finance and Business Administration. As long as the candidate can show their previous role has given them adequate experience in some type of information security based role.
Data Protection jobs in the UK tend to start around the £30,000-35,000 per year mark, with the average UK salary hitting in the mid £40,000 and sliding up to £65,000 for the more senior positions.