Data protection officers see job offers skyrocket with looming European regulation

The European Union's General Data Protection Regulation, which will give citizens more control over their online information, is set to take effect in May. Now companies around the world are improving consumer data monitoring, with the help of many more employees.

|
Susan Walsh/AP/File
Justin Brookman, the director of Consumer Privacy and Technology Policy at the Consumers Union, testifies for a Senate hearing on an Uber data breach on Feb. 6, 2017 in Washington. Strict European data legislation will soon drive companies like Uber to invest in greater data protection.

They may not have the cachet of entrepreneurs, or geek chic of developers, but data protection officers are suddenly the hottest properties in technology.

When Jen Brown got her first certification for information privacy in 2006, few companies were looking for people qualified to manage the legal and ethical issues related to handling customer data.

But now it's 2018, companies across the globe are scrambling to comply with a European law that represents the biggest shake-up of personal data privacy rules since the birth of the internet – and Ms. Brown's inbox is being besieged by recruiters.

"I got into security before anyone cared about it, and I had a hard time finding a job," she said. Brown is the data protection officer (DPO) of analytics start-up Sumo Logic in Redwood City near San Francisco.

"Suddenly, people are sitting up and taking notice."

Brown is among a once rare breed of workers who are becoming sought-after commodities in the global tech industry ahead of the European Union's General Data Protection Regulation (GDPR), which goes into effect in May.

The law is intended to give European citizens more control over their online information and applies to all firms that do business with Europeans. It requires that all companies whose core activities include substantial monitoring or processing of personal data hire a DPO.

And finding DPOs is not easy.

More than 28,000 will be needed in Europe and the US and as many as 75,000 around the globe as a result of GDPR, the International Association of Privacy Professionals (IAPP) estimates. The organization said it did not previously track DPO figures because, prior to GDPR, Germany and the Philippines were the only countries it was aware of with mandatory DPO laws.

DPO job listings in Britain on the Indeed job search site have increased by more than 700 percent over the past 18 months, from 12.7 listings per every 1 million in April 2016 to 102.7 listings per 1 million in December.

The need for DPOs is expected to be particularly high in any data-rich industries, such as tech, digital marketing, finance, health care, and retail. Uber, Twitter, Airbnb, Cloudflare, and Experian are advertising for a DPO, online job advertisements show. Microsoft, Facebook , Salesforce.com, and Slack are also currently working to fill the position, the companies told Reuters.

"I would say that I get between eight and 10 calls a week about a role [from recruiters]," said Marc French, DPO of Massachusetts email management company Mimecast. "Come Jan. 1 the phone calls increased exponentially because everybody realized, 'Oh my god, GDPR is only five months away.' "

GDPR requires that DPOs assist their companies on data audits for compliance with privacy laws, train employees on data privacy, and serve as the point of contact for European regulators. Other provisions of the law require that companies make personal information available to customers on request, or delete it entirely in some cases, and report any data breaches within 72 hours.

On a typical day, Mr. French said he monitors for any guidance updates for GDPR, meets with Mimecast's engineering teams to discuss privacy in new product features, reviews the marketing team's data usage requests, works on privacy policy revisions, and conducts one or two calls with clients to discuss the company's position on GDPR and privacy.

"Given that we're trying to march to the deadline, I would say that 65 percent of my time is focused on GDPR right now," said French, who is also a senior vice president of Mimecast.

The demand for DPOs has sparked renewed interest in data privacy training, said Sam Pfeifle, content director of the IAPP, which introduced a GDPR Ready program last year for aspiring DPOs.

"We already sold out all of our GDPR training through the first six months of 2018," said Mr. Pfeifle, adding that the IAPP saw a surge in new memberships in 2017, from 24,000 to 36,000.

Those companies who have DPOs, meanwhile, are braced for poaching.

Many of those firms reside in Germany, which has long required that most companies that process data designate DPOs. They include Simplaex, a Berlin ad-targeting startup.

"Everyone is looking for a DPO," said Simplaex CEO Jeffry van Ede. "I need to have some cash ready for when someone tries to take mine so I can keep him."

This story was reported by Reuters.

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.

QR Code to Data protection officers see job offers skyrocket with looming European regulation
Read this article in
https://www.csmonitor.com/Technology/2018/0214/Data-protection-officers-see-job-offers-skyrocket-with-looming-European-regulation
QR Code to Subscription page
Start your subscription today
https://www.csmonitor.com/subscribe