Rise of the data protection officer, the hottest tech
ticket in town
Send a link to a friend
 [February 14, 2018]
By Salvador Rodriguez
SAN FRANCISCO (Reuters) - They may not have
the cachet of entrepreneurs, or geek chic of developers, but data
protection officers are suddenly the hottest properties in technology.
When Jen Brown got her first certification for information privacy in
2006, few companies were looking for people qualified to manage the
legal and ethical issues related to handling customer data.
But now it's 2018, companies across the globe are scrambling to comply
with a European law that represents the biggest shake-up of personal
data privacy rules since the birth of the internet - and Brown's inbox
is being besieged by recruiters.
"I got into security before anyone cared about it, and I had a hard time
finding a job," said the 46-year-old, who is the data protection officer
(DPO) of analytics start-up Sumo Logic in Redwood City near San
Francisco.
"Suddenly, people are sitting up and taking notice."
Brown is among a hitherto rare breed of workers who are becoming
sought-after commodities in the global tech industry ahead of the
European Union's General Data Protection Regulation (GDPR), which goes
into effect in May.
The law is intended to give European citizens more control over their
online information and applies to all firms that do business with
Europeans. It requires that all companies whose core activities include
substantial monitoring or processing of personal data hire a DPO.
And finding DPOs is not easy.
More than 28,000 will be needed in Europe and U.S. and as many as 75,000
around the globe as a result of GDPR, the International Association of
Privacy Professionals (IAPP) estimates. The organization said it did not
previously track DPO figures because, prior to GDPR, Germany and the
Philippines were the only countries it was aware of with mandatory DPO
laws.
DPO job listings in Britain on the Indeed job search site have increased
by more than 700 percent over the past 18 months, from 12.7 listings per
every 1 million in April 2016 to 102.7 listings per 1 million in
December.
The need for DPOs is expected to be particularly high in any data-rich
industries, such as tech, digital marketing, finance, healthcare and
retail. Uber, Twitter, Airbnb, Cloudflare and Experian are advertising
for a DPO, online job advertisements show. Microsoft, Facebook,
Salesforce.com and Slack are also currently working to fill the
position, the companies told Reuters.
'EVERYONE IS LOOKING'
"I would say that I get between eight and 10 calls a week about a role
(from recruiters)," said Marc French, DPO of Massachusetts email
management company Mimecast. "Come Jan. 1 the phone calls increased
exponentially because everybody realized, 'Oh my god, GDPR is only five
months away.'"
[to top of second column] |
A picture shows wires at
the back of a super computer at the Konrad-Zuse Centre for applied
mathematics and computer science, in Berlin August 13, 2013.
REUTERS/Thomas Peter
GDPR requires that DPOs assist their companies on data audits for
compliance with privacy laws, train employees on data privacy and serve
as the point of contact for European regulators. Other provisions of the
law require that companies make personal information available to
customers on request, or delete it entirely in some cases, and report
any data breaches within 72 hours.
On a typical day, French said he monitors for any guidance updates for
GDPR, meets with Mimecast's engineering teams to discuss privacy in new
product features, reviews the marketing team's data usage requests,
works on privacy policy revisions and conducts one or two calls with
clients to discuss the company's position on GDPR and privacy.
"Given that we're trying to march to the deadline, I would say that 65
percent of my time is focused on GDPR right now," said French, who is
also a senior vice president of Mimecast.
The demand for DPOs has sparked renewed interest in data privacy
training, said Sam Pfeifle, content director of the IAPP, which
introduced a GDPR Ready program last year for aspiring DPOs.
"We already sold out all of our GDPR training through the first six
months of 2018," said Pfeifle, adding that the IAPP saw a surge in new
memberships in 2017, from 24,000 to 36,000.
Those companies who have DPOs, meanwhile, are braced for poaching.
Many of those firms reside in Germany, which has long required that most
companies that process data designate DPOs. They include Simplaex, a
Berlin ad-targeting startup.
"Everyone is looking for a DPO," said Simplaex CEO Jeffry van Ede. "I
need to have some cash ready for when someone tries to take mine so I
can keep him."
(GRAPHIC: Booming demand for data protection officers - http://tmsnrt.rs/2Bs7SEM
)
(Reporting by Salvador Rodriguez; Additional reporting by Stephen Nellis;
Editing by Jonathan Weber and Pravin Char)
[© 2018 Thomson Reuters. All rights
reserved.] Copyright 2018 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.
Thompson Reuters is solely responsible for this content. |
