What is GDPR?
The General Data Protection Regulation is a European regulation introduced in 2018 focusing on data privacy. From May 2018, all companies are fully responsible for the personal data they have access to. This means they must protect it from access by unauthorised persons, destroy it when it is no longer in use and make all the data the company has on any individual available immediately when requested.
Since the GDPR was only introduced early last year, GDPR jobs are all relatively new roles but will require a high level of experience and understanding to ensure the organisation is in full compliance with the law.
What are the main GDPR jobs?
Since the introduction of the GDPR last year, the number of jobs relating to it has grown massively. Common GDPR job titles include:
Information security manager
Information protection and privacy manager
Data protection analyst
More entry-level positions include roles like compliance analyst and IT security consultant. Senior GDPR positions for those with a number of years’ experience include data protection manager, data steward and information protection and privacy manager.
What does a data protection officer (DPO) do?
The GDPR requires every organisation that stores personal data to have an appointed data protection officer. A DPO is in charge of data management, disposal and safety for businesses which handle large quantities of personal data. This is a senior position and as such may require you to manage the daily activities of the wider compliance team.
Not every organisation will need to appoint a data protection officer but for larger businesses and those who focus on data collection, it will be a necessity.
As a data protection officer, responsibilities typically found on job descriptions include:
Education and awareness
You will need to ensure that every member of staff in the business understands their data protection responsibilities and raise awareness of how they can remain compliant at all times.
You will need to assess the organisation’s protocols to ensure that everything is compliant under the GDPR and make recommendations for risk management where any flaws are identified.
Creating data protection impact assessments
The Information Commissioner's Office (ICO) requires that an impact assessment be undertaken for any processing activity which is likely to result in a high risk to individuals. Where an assessment is required, you will need to work closely with the project manager to assess the risk to private data during the project and keep records of the assessment for any compliance audits the company is subjected to.
Maintaining data processing records
You will be responsible for keeping and monitoring the records of all data processing activities undertaken by the company for GDPR compliance, including the purpose of each activity, which you may need to share publicly if requested.
Managing interaction with data subjects
As data protection officer, you will also be the point of contact with all data subjects the organisation holds information on, informing them of how their data is being used, their rights in relation to the GDPR and how their data is being protected and managed.
What qualifications do I need to get a job in data protection?
Generally, data protection roles are focused more on law and compliance than on the technical side of information security. For this reason, many data protection roles will expect law or economics qualifications. However, some roles in data protection, such as ‘information security analyst’, sit between data protection and information security, and candidates will be expected to have a deep understanding of the GDPR and experience in cyber security audit procedures.
Some professional qualifications which may be beneficial to your job search include:
Certified Information Privacy Professional Europe (CIPP)
EU General Data Protection Regulation Practitioner
Certified Information Systems Security Professional (CISSP)
ISO27001 Certified Lead Auditor
What is the average GDPR job salary?
Since this covers a wide range of roles, it is difficult to find an average salary per annum. Some example roles have been chosen and laid out below:
Information security analyst: £34,000
Information security officer: £40,000
Data steward: £38,000
GDPR consultant: £68,000