Martech: Martech is Marketing Logo
  • Topics
    Digital Transformation
    Marketing Operations
    Data
    Customer & Digital Experience
    Performance Marketing
    Marketing Management
    Special Reports
    MarTech Topics
  • Conference
  • Webinars
  • Intelligence Reports
  • White Papers
  • What is MarTech
    Mission
    Staff
    Newsletter
    Search Engine Land
    Third Door Media

Processing...Please wait.

MarTech » Data » GDPR introduces a new job position: The data protection officer

GDPR introduces a new job position: The data protection officer

IAPP says that as many as 75,000 DPOs may be required worldwide to comply with the regulation.

Robin Kurzer on February 16, 2018 at 3:33 pm

At 99 articles, the General Data Protection Regulation (GDPR) is a daunting piece of legislation. Fortunately, it had the foresight to assign itself an administrator.

Enter the data protection officer (DPO). If you haven’t heard of this new role, you will soon.

A straightforward job description…

GDPR’s Article 39 lays out the requirements for the new job.

The data protection officer shall have at least the following tasks:

  • To inform and advise the controller or the processor and the employees who carry out processing of their obligations pursuant to this regulation and to other Union or Member State data protection provisions.
  • To monitor compliance with this regulation, with other Union or Member State data protection provisions and with the policies of the controller or processor in relation to the protection of personal data, including the assignment of responsibilities, awareness-raising and training of staff involved in processing operations, and the related audits.
  • To provide advice where requested as regards the data protection impact assessment and monitor its performance pursuant to Article 35.
  • To cooperate with the supervisory authority.
  • To act as the contact point for the supervisory authority on issues relating to processing, including the prior consultation referred to in Article 36, and to consult, where appropriate, with regard to any other matter.

The data protection officer shall in the performance of his or her tasks have due regard to the risk associated with processing operations, taking into account the nature, scope, context and purposes of processing.

Whew. There’s a lot to do. But even without GDPR, there’s been an increasing need for additional personnel to handle cybersecurity issues. Last year saw record-breaking data breaches. And just this week, RiskIQ released its CISO Survey of 1,691 US and UK businesses, which showed that 67 percent say they do not have sufficient staff to handle the cyber alerts they currently receive.

The International Association of Privacy Professionals (IAPP) has estimated that as many as 75,000 DPO positions will be required across the globe.

… but the role will likely evolve

Dimitri Sirota, CEO and co-founder of data protection company BigID, said that DPOs will vary from business to business.

“GDPR does not specify precise credentials a DPO must have, therefore different businesses will look for different professional qualities amongst candidates,” Sirota said. “DPOs are responsible for training staff involved in data processing, educating the company and its employees on important compliance requirements and conducting regular security audits, so it is a very expansive role with varying responsibilities. In addition, DPOs operate as the point of contact between the enterprise and any supervisory authorities that oversee data related activities.”

“What we have been seeing in the months leading to GDPR implementation is a focus on independence and overall managerial qualities, and less on one specific skill set. Typically, businesses will default to people with some sort of legal background, and this makes perfect sense due to the extreme legal ramifications companies face in failed compliance,” Sirota said, acknowledging that as time progresses, so will the required skill sets.

“However, as time progresses and businesses become more familiar with compliance requirements and operation, we expect to see this role demand greater data knowledge and aptitude. A highly important skill for businesses to evaluate when hiring a DPO is the ability to communicate with a wide range of audiences with varying levels of legal and data knowledge. In the early going, we can expect a good amount of trial and error in DPO hires, and the skill sets possessed by DPOs keeping businesses in line with GDPR compliance will become those in the highest demand,” Sirota said.

Andy Dale, software company dataxu’s vice president, legal, has taken on the DPO role “knowing we might have to reevaluate just prior to the effective date in May 2018.”

“Prior to the GDPR it was important that this role integrate into the product management and development teams to provide review and sometimes sign-off on how data is used and managed,” Dale said. “After the GDPR, it will become very important. The DPO needs to serve as a layer of independent review and act as the ambassador of data subjects. In my opinion, the most important aspects of this role are: the oversight of privacy impact assessments for higher risk processing activities and the integration of privacy by design principles.”

Dale said that dataxu will create a dedicated DPO office and transition the role to a third party who will “provide independence, but who is deeply expert in the adtech ecosystem. The DPO will be closely involved in the product lifecycle, lead independent review of privacy impacts, provide policy advice and data governance. Creating this third-party independent DPO allows for a stronger implementation of data protection oversight,” he said.

The end user gets a voice

“As a B2B software company, our DPO plays a very unique role in our business,” David Spitz, CMO of customer data platform mParticle, told me. “If marketing represents the voice of the customer, the DPO is the voice of our customer’s customer — the consumer — as it pertains to the ethical use of their data. On any given day, she supports various departmental functions, including legal, product, marketing, sales, engineering and support services, but she does not sit within any one of them.”

“A DPO who is just there to ‘check a box’ on a regulatory requirement will never be successful. The role must be given complete autonomy to address issues and opportunities beyond the letter of the law, and across disciplines,” Spitz said.


New on MarTech

    How clean, organized and actionable is your data?
    Replacement Survey: The top 5 solutions replaced
    What’s the biggest hidden secret in Google Ads?
    Native video tops social media in brand awareness study
    Worsening economy has more shoppers getting online info before making in-store purchases

About The Author

Robin Kurzer
Robin Kurzer started her career as a daily newspaper reporter in Milford, Connecticut. She then made her mark on the advertising and marketing world in Chicago at agencies such as Tribal DDB and Razorfish, creating award-winning work for many major brands. For the past seven years, she’s worked as a freelance writer and communications professional across a variety of business sectors.

Related Topics

DataMarketing Operations

Get the daily newsletter digital marketers rely on.

Processing...Please wait.

See terms.

ATTEND OUR EVENTS The MarTech Conference logo.

September 28-29, 2022: Fall

Start Training Now: Master Classes

Start Discovering Now: Spring



The SMX Conference logo.

Start Training Now:: SMX Advanced

November 14-15, 2022: SMX Next

March 8-9, 2022: Master Classes

Webinars

Agencies: Grow Revenue Streams Through Web Accessibility & Compliance

Protect Your Paid Advertising Spend Against Ad Fraud and Invalid Traffic

Build an Integrated Search Strategy Across Google, Amazon and YouTube

See More Webinars
Intelligence Reports

Enterprise SEO Platforms: A Marketer’s Guide

Enterprise Identity Resolution Platforms

Email Marketing Platforms: A Marketer’s Guide

See More Intelligence Reports
Featured White Paper

Site Search 101

See More Whitepapers

Receive daily marketing news & analysis.

Processing...Please wait.

Topics

  • Transformation
  • Operations
  • Data
  • Experience
  • Performance
  • Management
  • All Topics
  • Home

Our Events

  • MarTech
  • Search Marketing Expo - SMX

About

  • What is MarTech
  • Contact
  • Privacy
  • Terms Of Use
  • Marketing Opportunities
  • Staff

Follow Us

  • Facebook
  • Twitter
  • LinkedIn
  • Newsletters
  • RSS

© 2022 Third Door Media, Inc. All rights reserved.