MADRID: Troll any job site and one of the big demands now is for Data Protection Officers. Why? Because companies worldwide are suddenly aware of the implications now of meeting the strict requirements of the General Data Protection Regulation (GDPR) that takes effect across the European Union on May 25.
The GDPR imposes stringent privacy and data protection curbs on company anywhere that does business with anyone living inside the 28 member nations of the European Union.
And it imposes tough fines for failing to protect that data, letting it be abused, or for having it leaked. And that’s where DPOs come in.
According to the International Association of Privacy Professionals (IAPP), there’s an immediate demand for more than 28,000 DPOs in Europe or for US-based companies with customers in the EU. And worldwide, the IAPP estimates that there’s a demand now for 75,000 DPOs to help companies comply with the GDPR.
In the United Kingdom alone, over the past 18 months there has been a seven-fold increase in demand for DPOs.
When the GDPR takes effect next month, companies will have to put extra measures in place to manage and protect the personal data of clients — and will have to respond within 30 days to customers who want to know what specific information is held on file. And if there’s a data breach, every customer affected must be notified within 72 hours.
DPOs will be responsible for maintaining that data, training other staff in protecting that data, and ensuring that the data is deleted, should any customer living within any EU state make that request.
Marc French, a DPO for an email management company, has been fending off phones from recruiters at the rate of more than 10 a week. After January 1, when companies realised the full impact of GDPR and its effect on May 25, the phone calls increased dramatically.
GDPR contains a wide range of technically complex requirements and threatens fins as much as 4 per cent of a company’s annual revenues for failing to comply with the EU directive.
Wil Remes, a cyber security consultant based in Brussels said he’s been fielding about a dozen GDPR-related calls every week from clients in the US and Europe, with the US forms slower off the mark in dealing with the implications of the new rules.
“In the past two or three months, the demand has mostly been from US organisations,” he said.
— With inputs from agencies
