On the 25th May 2018, the EU General Data Protection Regulation (GDPR) came into effect and brought in the requirement for the role of Data Protection Officer (DPO) within certain organisations.
This has created a demand in the market for professionals with knowledge of the regulation. Organisations within the European Union are desperate to hire experienced professionals who can guide them towards compliance and avoid large fines.
Even if a DPO isn’t required by the EU GDPR, many organisations will choose to have an employee act in the capacity of Data Protection Officer, without officially designating them with the job title.
In this blog article, you will learn everything you need to know about this career, including the salary, responsibilities, advantages and steps of how to become a fully-fledged Data Protection Officer…
So, let’s get started!
First Of All, What Is A Data Protection Officer?
The primary role of the Data Protection Officer (DPO) is to make sure that their organisation processes the personal information of its staff, customers, suppliers or any other individuals (also known as data subjects) in compliance with EU General Data Protection Regulation rules.
The average annual salary for a DPO in the UK is £55K and this alone is a great reason to look more into this career path. On paper, it seems like the role of Data Protection Officer is pretty simple – well, now we are going to go deeper into the roles and responsibilities, so you can decide for yourself.
What Does A Data Protection Officer Do?
The Data Protection Officer (DPO) is a very important part of any business and is hired to ensure compliance within the organisation. The DPO must be able to perform their duties independently and there are various assurances put in place in order to guarantee independence.
1. The DPO should not receive any instructions regarding the performance of their duties.
2. There must not be a conflict of interest between the duties of the individual as a DPO and other responsibilities. For example, the head of HR could not be appointed as a DPO within an organisation.
3. The DPO should not report to a direct superior other than top management, and should be responsible for their own budget.
4. The organisation must offer resources, including personnel to fulfil a Deputy DPO role to support the DPO to carry out their duties. This can also include access to resources, such as training facilities.
5. The DPO has the authority to investigate and get immediate access to all personal data and data processing operations.
6. The organisation must set a minimum term of appointment and strict conditions for dismissal for a DPO post. The DPO should be appointed for a period between 2 and 5 years; however, they can only be reappointed for a maximum of ten years in total.
The Data Protection Officer is responsible for ensuring that the Data Protection rules are respected in cooperation with the ICO. The DPO must carry out the following tasks in their role:
• Ensure that both organisations and data subjects are informed about their Data Protection rights, obligations and responsibilities, and raise awareness about them.
• Offer advice and recommendations to the organisation about the interpretation or application of the Data Protection rules.
• Create a register of processing operations within the organisation and notify the DPA of those that present specific risks.
• Handle queries or complaints upon request by the ICO, the organisation or data subjects, or on their own initiative.
• Cooperate with the DPA throughout investigations, complaint handling and inspections.
• Draw the ICO’s attention to any failure to comply with the EU General Data Protection Regulation.
What Are The Challenges Of A Data Protection Officer?
The role of DPO may sound like a dream come true to most professionals; however, we do need to make you aware of a few challenges and risks that you will face in your pursuit to help your organisation become truly transparent and fully compliant.
Face Criminal Liability
In the United Kingdom, a Data Protection Officer can face criminal liability if they knew or ought to have known that there was a risk that the contravention would occur and that such a contravention would be of a kind likely to cause substantial damage or distress, but failed to take reasonable steps to prevent the contravention. In the UK, the penalties received are statutory damages, but not imprisonment.
A large number of DPOs do not have a dedicated privacy team and are often under-resourced. DPOs have so many operational tasks to complete and, without additional personnel, they might struggle to keep up. If you become a DPO and run into this challenge, then you should use your communication skills to get more resources.
From data subject access requests to breach notifications and data protection impact assessments, the workload can be extremely overwhelming and stress-inducing to a new DPO. Remember to delegate tasks to others who are qualified to do so.
Even if the DPO has a privacy team within the organisation, the Data Protection Officer is still required to be independent and is typically left to the side of the core privacy team. If you are suffering from isolation in your career as DPO, then you should work to build Data Protection into daily operations. From customers to staff members, everyone needs to be involved in data privacy issues.
Why Become A Data Protection Officer?
The role of Data Protection Officer (DPO) is said to become the most desirable and sexiest job of the decade and we can confirm that the role of DPO does have some amazing advantages:
Receive A Fantastic Salary
As mentioned before, the average annual salary for a DPO in the UK is £55K and the most experienced DPOs can earn up to £74K a year!
Data Protection Officers have amazing job security: if you get into a DPO role, Article 38 states that you cannot be penalised for performing your tasks, you do not receive instructions regarding your tasks and you only report to the highest management level.
With great power comes great responsibility! It is worth noting that a DPO only has an advisory function within the organisation and does not have the authority to make decisions. Being a Data Protection Officer is a very interesting, challenging job if you are interested in business processes, data security, lifelong learning and sharing legal views or interpretations.
How Do I Become A Data Protection Officer?
Before you start your Data Protection adventure, you should find out if this career is right for you. Read stories online from other DPOs, reach out to them and ask all of your burning questions.
Purple Griffon offer the following easy and affordable EU General Data Protection Regulation (GDPR) online training courses, where you can become certified from the comfort of your own home or office:
Your brand new EU GDPR qualification could be earned online in just 180 days!
Some Tips For Becoming A Data Protection Officer:
Read, Research & MORE READING!
We would advise that you start reading ‘The Data Protection Officer: Profession, Rules And Role’ by Paul Lambert in your spare time and carry out extensive research on EU GDPR legislation.
Develop Your Communication Skills!
You need to demonstrate strong communication skills in order to speak with a wide-ranging audience, from the board of directors to data subjects, IT staff and lawyers.
Work On Your Management Skills!
The best DPOs have excellent management skills and are able to interface easily with both internal staff and outside authorities.
Get A Qualification!
Most DPOs will have previous experience in legal compliance, HR or data management and may migrate directly into the role, but you can also break into the role with a training scheme. These qualifications will increase your chances of being hired as a Data Protection Officer: