The big news is still creating ripples – General Data Protection Regulation (GDPR) will come into effect on 25 May 2018 and will require all EU companies to comply with stricter rules concerning the data protection and privacy of data subjects (citizens) within the European Union. The decision for new regulation comes in the wake of increasing security breaches. The Data Protection Commissioner reported a whopping 2795 valid data security breaches last year, an increase of 26% from 2016.
Many GDPR experts predict tough times ahead for non-compliant businesses and suggest allocating a substantial level of resources to meet GDPR requirements. Hiring a Data Protection Officer is the most essential step in this direction.
A recent research has revealed the growing concern that European businesses are not yet ready for the GDPR. What’s shocking is that even though almost 97% of EU companies admit that the implementation of the GDPR will considerably affect their business, only 5% say that they are completely prepared for the latest data regulation. Another 33% have stated that they are half way there.
In this context, Data Protection Officers (DPOs) have become the most needed professionals in the business world. According to a recent research, about 25% of all DPO vacancies have been posted in 2018, just months before the regulation is to come into effect. This shows how unprepared EU businesses are and how they have left compliance to the last minute.
Why GDPR Data Officer
Under the GDPR, you must appoint a DPO if you meet any of the following criteria:
- You are a public authority (except for courts acting in their judicial capacity);
- Your core activities call for large scale, regular and systematic monitoring of users (for instance, online behavior tracking);
- Your core activities comprise large scale processing of special categories of data or data related to criminal convictions and offences.
The Hunt for GDPR Data Officers
A recent report by Joblift shows that in the last 12 months, 3,911 Data Protection vacancies were advertised and these positions saw an average monthly increase of 11%. Of the total vacancies, London made up 50% of all the Data Protection vacancies advertised in the last 12 months.
Joblift’s study further found that barristers were the most popular professionals amongst DPOs and as many as 356 vacancies specifically sought candidates with a Law degree. Coming in a close second with 528 vacancies were Legal Affairs Policy Assistants.
Did you know that companies that handle data of EU citizens are subjected to GDPR even if they are not located in the EU? Surprising, eh? A related study predicts that 28,000 DPOs will be needed for regulated organizations to achieve the much acclaimed GDPR compliance. It’s no wonder then that DPOs are the most sought after professionals in the EU today.
The role of a data protection officer (DPO) under the GDPR
By definition, a data protection officer (DPO) is an enterprise security leadership role required by the General Data Protection Regulation (GDPR). The regulation requires the DPOs to be responsible for overseeing data protection strategy and implementation so as to ensure compliance with GDPR requirements.
Here’s a quick look at the responsibilities of DPOs:
- Educating the company and staff on crucial compliance requirements
- Training the staff involved in data processing
- Conducting timely audits to ensure compliance and address potential issues proactively
- Being the point of contact between the company and GDPR Supervisory Authorities
- Regularly monitoring the performance and providing feedback on data protection efforts
- Maintaining comprehensive records of all the data processing activities (including the purpose of all processing activities, which must be made public on request)
Beware of fines for non-compliance:
According to GDPR consultants, non-compliance with the regulation can mean stringent action and fines too. Failure to comply with the DPO requirements as mentioned in the GDPR may result in administrative fines of up to €10 million or up to 2% of worldwide annual turnover – whichever is greater.
While it is easy to fall prey to the widespread anxiety related to the new regulation, businesses should first assess whether they are even obliged to appoint a DPO under GDPR. They should also consider the requirement that DPOs should act independently and without any conflict with the business when performing their duties. The GDPR has given the businesses the liberty to choose whether they want appoint an internal or external DPO.