The best data protection officers (DPOs) can write their own ticket these days, commanding salaries of up to £1 million per year.
“What!? Why?” you may well ask.
Like any commodity, scarcity increases the price; and DPOs are rare indeed. And if they were rare before the European Union’s General Data Protection Regulation (GDPR) deadline, they will soon become downright priceless. Especially as we will need so many of them; the International Association of Privacy Professionals (IAPP) estimates that the number required in Europe alone will be at least 28,000.
The concept of the data protection officer (DPO) has been around for several years, particularly in industries dealing with personal data. The difference here is that, under updated GDPR rules, it is now mandatory for companies with over 250 employees to appoint one.
A DPO has to be a jack-of-all-trades; an expert in data protection and law, a key communicator between the C-suite and staff, and a leader capable of turning compliance issues into business opportunities - and that’s the REAL trick.
Organizations need to think seriously about how they can recruit for this role, as well as how they train staff effectively to ensure they are not left exposed to GDPR sanctions due to poor data practices.
The DPO will need to possess four important skill sets:
- Talking technology
According to the GDPR, the DPO is required to offer guidance on risk assessments, countermeasures and data protection impact assessments. DPOs must have significant experience in data security, privacy, best practice, risk mitigation and information security standards certifications.
- Legal understanding
The DPO needs a strong knowledge of not only GDPR rules, but also other relevant EU legislation. This is in addition to understanding privacy and related laws in all jurisdictions that their organization does business in or outsources operations to. DPOs are also required to act in an independent manner and maintain confidentiality.
- C-suite communicator
The DPO is a key communicator between the C-suite and employees and vice-versa. He or she is well placed to bridge the gap between the two and offer insights and recommendations for best practice. The DPO should also be thinking about the business opportunities that result from the processes put in place by the GDPR. This could be new ways of working, with more collaboration.
- People leader
DPOs need to have leadership and project management skills to mobilize the changes that GDPR requires within an organization. Business experience is vital for a successful DPO. When implementing changes within an organization, technology is often less than half the game. In this digital age, data is the new currency and it should be seen as a business enabler.
So, you can see why the DPO needs to be a jack-of-all-trades. If you do find that gem of a DPO, then hang on tightly; he or she can push your organization to make the most out of GDPR, using it as an opportunity for change and collaboration.