The EU’s General Data Protection Regulation (GDPR) may spur a hiring boom before it comes into force in early 2018, as it will require the introduction of “at least” 75,000 data protection officer (DPO) positions around the world, according to new findings.
When the regulation takes effect on 25 May 2018 it will apply not only to the EU’s 28 member states, but to any country handling EU citizens’ data – and the EU is the top trading partner for 80 countries.
While such positions have become established in countries such as Germany, France and Sweden over the past decade, they are relatively unknown outside the EU, the International Association of Privacy Professionals (IAPP) said in a new report.
That means the regulation is likely to represent a significant undertaking for companies and organisations looking to come into compliance with it, the IAPP said.
It estimated that even within the EU roughly 11,790 non-financial, private sector enterprises would require a DPO, as well as all financial institutions (7,226) and life insurance (535) enterprises, and another 4,000 for the public sector.
The IAPP estimated about 9,000 US companies would be required to hire someone for the position.
The organisation then calculated the number of positions that would be required in other countries, based on their proportion of trade with the EU, taking the US – which represents 17.1 percent of Europe’s global trade – as a benchmark.
It found, for instance, that China would require 7,568 DPOs, Switzerland 3,682, Russia 3,068, Turkey 2,045, Norway 1,790 and Japan 1,688.
In total the IAPP estimated 75,000 DPOs positions would be required in Europe and elsewhere, which it said is a “conservative” estimate.
In a survey the company found 40 percent of respondents planned to make their current privacy leader their DPO, with another 50 percent saying they would appoint someone on the privacy leader’s team or train someone already within the organisation.
Fewer than 10 percent said they would have to hire from outside the company or outsource the role to a law firm or consultancy. Eighty percent said they would appoint a DPO to comply with the regulation.
But those figures only represent the IAPP’s own members or groups who subscribe to its newsletter, and as such are already aware of privacy issues.
“There will undoubtedly be some variation in how average companies around the world comply, especially if they have not yet set up a formal privacy office of some kind,” the IAPP stated.
It cited a recent report that found the average privacy office has only existed for six years, with even “mature” offices having been in place for just over 11 years.
The Article 29 Working Party, the EU’s group of privacy regulatory agencies, has said it will release guidance regarding the mandatory data protection officer role beginning in December.
A June study found only 4 percent of small businesses understood the effect GDPR would have on them, whilst 82 percent of companies have either not heard of GDPR or don’t understand its impact.
UK information commissioner Elizabeth Denham said in September the regulation would come into effect before Britain leaves the European Union, acknowledging the EU referendum had thrown Britain’s data protection plans into “a state of flux”.
Why not test your knowledge of European tech pioneers and the EU’s contribution to the industry?Try our quiz!
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…