Designed to give people more control of their data, the new set of rules relating to gathering, processing and storing of data presents businesses with a new set of challenges.
With tougher fines in the offing for data breaches and non-compliance, it is no wonder that there is a heightened state of concern.
With all kinds of changes afoot, some companies are having to fill a new post – that of Data Protection Officer (DPO).
The exact nature of who and how this post is filled is not specified in the new set of regulations as it is down to individual companies as to how they will meet this obligation
Does every business need a DPO under GDPR?
The hiring of a data protection officer is stipulated under GDPR rules if the core activities involving data processing is something that happens regularly and on a ‘large scale’.
The definition of scale is not given in the regulations and so it is for each company to determine if their data processing meets this definition or not.
But it seems that many businesses are not taking the chance. And no wonder – with fines of up to 4% of global income, companies are falling in line with GDPR and advertising vacancies for DPOs rather than face a hefty knock to their business.
Who is advertising for DPOs?
One prominent job website and recruiter has noticed a significant increase in DPO vacancies being advertised, not a surprising statistic in itself.
Thus far, some 4,000 DPO vacancies have been advertised, a quarter of which appeared in the first few months of 2018.
As an average, DPO vacancies account for 3% of job adverts placed in the UK each year, but with GDPR on the horizon, this has jumped to 11%, a lion’s share of the vacancies advertised.
And it doesn’t seem like it will stop any time soon, either.
Big names searching for DPOs including large accountancy firms PricewaterhouseCoopers, prominent law firm Addleshaw Goddard, and Government departments and agencies such as HM Land Registry.
Of the posts being advertised, the trend follows where big businesses are. Of the vacancies advertised for this kind of post, half were in London, 4% in Manchester, followed closely by Birmingham at 3%.
Who fills this role?
The GDPR rule set specifies that a data protection officer should have expert knowledge of data protection law and practices meaning that current DPOs or anyone with this responsibility as part of their job role are swotting up on GDPR and all that it entails.
Businesses seem to be interested in people with legal and security backgrounds, with barristers, legal affairs policy assistants just two backgrounds that firms seem to be looking for.
Does this affect you?
It may be that your business doesn’t need a DPO, but you still need to be GDPR compliant by the time the introduction date of mate May 2018 rolls around. How can we help?
How can we help you?
If you’re in need of assistance with any aspect of ISO or GDPR compliance, here at Synergos we’d be delighted to help. Whether you have questions about the path to compliance or are looking for advice and support to maintain compliance, call 01484 817 444 or Email firstname.lastname@example.org and we’ll be happy to talk it over with you.