While data protection was an almost unheard-of field several years ago, today it’s one of the fastest growing segments of the IT industry. With more companies than ever developing large databases to track their supplies, customers, inventory, and other information, it’s becoming increasingly necessary for companies to take steps to guard the information they’ve collected.
Why do I need a Data Protection Officer?
While the desire to protect company, customer, and vendor information isn’t new, there are new laws that are requiring organizations to take a more active role in protecting their data. The EU recently passed the General Data Protection Regulation that requires certain businesses to have a Data Protection Officer. In order to comply with the rule, it has been estimated that nearly 28,000 DPOs will be needed by the end of 2018.
Specifically, the General Data Protection Regulation requires companies that process data with a public authority or that regularly monitor data subjects on a large scale to have a DPO and a plan in place to protect that data. It’s important to note that the rule not only affects companies that are based in the EU, but also those that conduct business with its partner countries.
Because of the non-specific wording of the GDPR, one of the first steps that any company operating within the EU will need to take is to determine whether or not they are subject to the regulations in the law. It may be necessary to hire a security consultant on a short-term basis to determine this. Fortunately, ICS has plenty of experience in helping companies find professionals with specific skill sets and experience, such as the experience with EU law and IT security background that this position would require.
What is a Data Protection Officer?
In order to comply with the new regulation, a Data Protection Officer must have “expert knowledge of data protection law and practices”. Additionally, the DPO must have a good understanding of the organization’s technical structure, organization, IT infrastructure, and technology.
It’s important to note that as long as an employee is capable of performing the basic functions of the role, there is no formal training requirement. This means that the job can be assigned to an existing employee. It is also permissible for an organization to hire an outside consultant or security firm to take on this role.
How will this affect my company?
Due to the massive penalties involved with ignoring the new GDPR, any company that meets the criteria and operates in at least some capacity in the EU will need to appoint a Data Protection Officer. For larger companies, this role is most likely already filled by a data security team. Small companies will most likely find it most cost-effective to hire an outside company to handle their data security issues.
Mid-size companies, however, will likely struggle to come into compliance with this rule. Keeping a full-time Data Protection Officer on staff might prove cost prohibitive, but contracting with an outside firm may also run up costs beyond a sustainable level. In many cases, the solution might be to find a professional with multiple skill sets who could act as the company’s Data Protection Officer while also performing other duties.
Since these positions are relatively new, it’s highly doubtful that companies will be able to fill this role simply by advertising a job vacancy. A better approach would be to work with a staffing agency to find a person who has the background and knowledge to meet the requirements of the job.
At ICS, we have years of experience in helping our clients fill positions such as these. We know how important it is to look beyond a job title and find people who can meet the requirements of a role like this. If your company is looking for ways to become compliant with the General Data Protection Regulation, click below for top talent.