The European Union’s forthcoming General Data Protection Regulation (GDPR) will require the recruitment of “at least” 75,000 data protection officers to enable organisations to keep on top of their new legal obligations.
The GDPR will come in on 25 May 2018, and there won’t be any grandfathering of existing contracts – organisations will need to be 100 per cent compliant from day one, or risk fines up to four per cent of turnover.
But according to the International Association of Privacy Professionals (IAPP), the GDPR will require the widespread and large-scale recruitment of data protection officers – typically lawyers specialised in data protection law – in order to stay on top of the new EU law.
“Because the EU’s 28 member states together represent the world’s largest economy and the top trading partner for 80 countries, many companies around the globe buy and sell goods to EU citizens and are thus subject to the GDPR,” claims the IAPP.
One of the requirements of the GDPR is that any organisation conducting large-scale processing of personal data must have a data protection officer who is independent from the organisation. Hence, companies across the world will now need to consider how to introduce such a role into their business, including the extent of their authority, to whom they will report and how the role will operate.
Earlier this year, the IAPP claimed that organisations in Europe and the US would require at least 28,000 data protection officers, and suggested that this was a conservative estimate.