Thinking of a career change? If you’re technologically inclined, you might want to consider the position of data protection officer, especially if you’re looking for a quick boost in pay.
Data protection officer (DPO) is a relatively new career option, and Reuters reports that when people first started training to become DPOs, there really wasn’t all that much demand for people qualified to manage the legal and ethical issues related to handling customer data.
But all that’s changed, thanks in large part to a European law that has businesses the world over suddenly scrambling to find people who can fill the role. The European Union’s General Data Protection Regulation, which goes into effect in May, requires that all companies whose core activities include substantial monitoring or processing of personal data hire a DPO. The goal is to provide European citizens more control over their online information, and the law applies to all firms that do business with Europeans.
An estimate from the International Association of Privacy Professionals puts the growing need at truly amazing levels, with more than 28,000 DPOs needed in Europe and the U.S. and as many as 75,000 globally—all as a result of GDPR—with data-rich industries, such as tech, digital marketing, finance, healthcare and retail at the forefront of recruiting. In fact, Uber, Twitter, Airbnb, Cloudflare and Experian, according to the report, are already advertising online for DPOs; so are Microsoft, Facebook, Salesforce.com and Slack.
“I would say that I get between eight and 10 calls a week about a role [from recruiters],” Marc French, DPO of Massachusetts e-mail management company Mimecast, is quoted saying in the report. He adds, “Come January 1 the phone calls increased exponentially because everybody realized, ‘Oh my god, GDPR is only five months away.’”
DPOs are required by GDPR to assist their companies on data audits for compliance with privacy laws, as well as to train employees on data privacy and serve as the point of contact for European regulators. The law also obligates companies to make personal information available to customers on request, or delete it entirely in some cases, and report any data breaches within 72 hours.
The demand for DPOs has not only boosted interest in data privacy training, according to Sam Pfeifle, content director of the IAPP, which introduced a GDPR Ready program last year for aspiring DPOs, but has caused a rush on training for would-be candidates for the position. In the report, Pfeifle is quoted saying, “We already sold out all of our GDPR training through the first six months of 2018.” He adds that the IAPP saw a surge in new memberships in 2017, from 24,000 to 36,000.
And poaching is common, and likely to become more so, as companies in desperate need of a DPO try to lure one away from an existing job—many of which are in Germany. Berlin ad-targeting startup Simplaex’s CEO, Jeffry van Ede, is quoted saying, “Everyone is looking for a DPO. I need to have some cash ready for when someone tries to take mine so I can keep him.”