US alone will need 9,000 DPOs to meet GDPR mandates, says International Association of Privacy Professionals – but don’t expect that many new job listings.
The world only has about 18 months to find 75,000 data protection officers (DPOs).
According to the International Association of Privacy Professionals (IAPP), that’s how many DPOs it will take to meet the mandates of the European Union’s General Data Protection Regulation (GDPR), which goes into effect in May 2018 — and two-thirds of them won’t even be inside the EU.
The rigorous new privacy and security regulation mandates that public authorities and some companies must have a DPO, who is, by law, independent from the organization that funds the position. Data “controllers” or “processors” must designate a DPO if they conduct “regular and systemic monitoring of data subjects on a large scale,” or if they do “processing on a large scale of special categories of data.”
“Appointing a data protection officer is just the beginning,” said IAPP VP of research and education Omer Tene, in a statement. “Organizations will need to ensure DPOs are well qualified and trained in the growing body of knowledge of the privacy profession, including law, technology and data management best practices.”
The DPO requirement is just one of many components of the GDPR, which is much fiercer than earlier laws protecting European citizens’ data privacy or any privacy laws in the US. The limitations on data use are stricter, the penalties for noncompliance are steeper, and the organizations that will have to comply are more numerous.