EU GDPR requires an estimated 28,000 data protection officers across Europe

The new EU General Data Protection Regulation (GDPR) is set to become effective in May 2018, and will bring with it a huge staffing impact, according to recent studies carried by the International Association of Privacy Professionals (IAPP).

One of the Regulation’s requirements, which has not been seen previously in most European law (Germany is the notable exception), relates to staffing. Public authorities and organisations handling and processing high volumes of personal data will now have to hire, appoint or contract a data protection officer (DPO).

A recent study by the IAPP indicates that, under the new GDPR, Europe will need at least 28,000 DPOs. The number of DPOs is estimated based on official statistics about public and private sector data controllers within the European Union. As a result, European and overseas organisations handling European residents’ data will create a huge demand for DPOs in response to the requirements of the new Regulation.

The DPO role

The GDPR requires a DPO to be appointed on the basis of professional qualifications and qualities, in particular “expert knowledge of data protection law and practices”. An organisation’s DPO may be either an employee or a third party who provides data protection officer services, depending on certain criteria.

The responsibilities of the DPO lie in ensuring, in an independent manner, that personal data is handled and processed in line with the EU GDPR’s requirements.

Article 37 of the Regulation lists the following tasks as part of a DPO’s role:

  • Monitor and ensure compliance with the Regulation.
  • Inform and advise the controller or processer and the company’s employees of their obligations to comply with the GDPR.
  • Conduct internal audits, manage internal data protection activities and provide training to data processing staff.
  • Advise senior management teams with regard to data protection impact assessments.
  • Serve as the contact point for issues related to processing personal data.
  • Respond to enquiries from data subjects on issues relating to consent, the ‘right to be forgotten’, data protection practices and other related data subjects’ rights.

DPO’s rights under the GDPR

In addition to their responsibilities, DPOs are granted various rights and benefits under the GDPR. Organisations will be required to ensure that the DPOs have access to company resources and receive the necessary ongoing training to fulfil their job responsibilities. DPOs will have independence in performing their roles, reporting directly “to the highest management level” of the company. On the other side, DPOs will have certain statutory obligations, including being bound by secrecy or confidentiality.

GDPR training opportunities for DPOs

There are two years before the EU General Data Protection Regulation will come into force – time in which organisations will need to upskill or train DPOs. To help organisations train their staff and achieve compliance with the GDPR, IT Governance has launched its brand new Certified EU General Data Protection Regulation Practitioner Training Course. The course is a four-day preparation for individuals looking to solidify their knowledge of the EU GDPR. This course is particularly designed to enable delegates to fulfil the role of data protection officer (DPO).

Delegates attending will walk away with in-depth knowledge of data mapping, data privacy impact assessments, GDPR privacy principles, consent rules, subject access requests, risk management framework, data breach reporting requirements and much more.

The course is also suitable for managers already involved in data protection with either an information security or data protection background, and privacy professionals who wish to develop their knowledge of data protection with a professional qualification.

Book a place on the Certified EU General Data Protection Regulation Practitioner Training Course

Delegates with little or no knowledge of the EU General Data Protection regulation are advised to attend the Certified EU General Data Protection Foundation training course to help build a basic understanding of the new Regulation. By booking places on both courses, delegates save 15% on the total price.

Take advantage of an exclusive 15% off the Certified EU GDPR Foundation and Practitioner training combined course.


Share now…

Share on Twitter Share on Facebook Share on LinkedIn