Data is driving massive innovation and growth in today’s economy, forcing data privacy and security into its rightful place in the spotlight. But data privacy is hard, with only the best leaders capable of navigating its treacherous waters. After Cambridge Analytica and the rollout of GDPR, many of the biggest companies are now scrambling to fill the role of Data Protection Officer (DPO).
Whereas there are plenty of people who are versed in the tenets of information security, finding someone who understands compliance, technology and the implications of Business. They need to understand the tension that exists between innovation and data security and how to enact a proactive strategy to ensure the Business can operate safely at the speed needed to compete in today’s digital landscape. And the larger the company, the greater the data and harder the challenge.
Who is your ideal DPO? Do you hire or grow from within? When will we be compliant and how long will we be at risk? These are the questions asked by executives in boardrooms across the world, and getting the answers wrong can spell doom for your business.
While GDPR does define some basic responsibilities, the DPO role is much broader than simply a compliance checkmark. A DPO must have an understanding of legal and regulatory frameworks, whilst also being able to understand all services and applications that are processing sensitive data. Keeping up with the latest advances in machine learning and natural language processing, while knowing the intricacies of international regulations, requires the perfect blend between technological understanding and legal knowledge.
What’s more, this person should understand that there’s a greater inherent risk to the business than GDPR: innovation stagnation. Data drives innovation and when it does not flow throughout the business, it’s virtually impossible to operate at the pace needed to compete.
If this sounds like a unicorn hire, that’s because it is. These rare skills are putting pressure onto DPO recruitment. The Federation of Small Businesses recently reported that 22 percent of business owners think that a lack of digital skills is holding them back.
Rather than one person having all of these skills, the DPO function could be viewed as more of a data ombudsman, a role or collection of people who operate separate to the everyday working of the business. They should be committed to representing consumer data protection rights, and ensure that the company acts in the best interest of the individual to support growth and overall business goals.
In developing this role, leaders must understand that data security and data privacy are related but complementary components of the problem. Security is primarily focused on preventing unauthorised access to data, such as encrypting data at rest and during transport to limit snooping. Data privacy, on the other hand, is about reducing risk within the data that is made available, such as masking data to eliminate personal information.
