What is GDPR?

The General Data Protection Regulation is a European regulation introduced in 2018 focusing on data privacy. From May 2018, all companies are fully responsible for the personal data they have access to. This means they must protect it from access by unauthorised persons, destroy it when it is no longer in use and make all the data the company has on any individual available immediately when requested.

Since the GDPR was only introduced early last year, GDPR jobs are all relatively new roles, but they will require a high level of experience and understanding to ensure the organisation is in full compliance with the law.

What are the main GDPR jobs?

Since its introduction last year, the number of jobs relating to GDPR has grown massively. Common GDPR job titles include:

  • Compliance officer

  • Information security manager

  • Information protection and privacy manager

  • Data steward

  • Data protection analyst

More entry-level positions include roles like compliance analyst and IT security consultant. Senior GDPR positions for those with a number of years’ experience include data protection manager, data steward and information protection and privacy manager.

What does a data protection officer (DPO) do?

The GDPR requires every organisation that stores personal data to have an appointed data protection officer. A DPO is in charge of data management, disposal and safety for businesses which handle large quantities of personal data. This is a senior position and as such may require you to manage the daily activities of the wider compliance team.

Not every organisation will need to appoint a data protection officer but for larger businesses and those who focus on data collection, it will be a necessity.

As a data protection officer, responsibilities typically found on job descriptions include:

  • Education and awareness

You will need to ensure that every member of staff in the business understands their data protection responsibilities and raise awareness of how they can remain compliant at all times.

  • Compliance audits

You will need to assess the organisation’s protocols to ensure that everything is compliant under the GDPR and make recommendations for risk management where any flaws are identified.

  • Creating data protection impact assessments

The Information Commissioner's Office (ICO) requires that an impact assessment be undertaken for any processing activity which is likely to result in a high risk to individuals. Should you be required to, you will need to work closely with the project manager to assess the risk to private data during the project and keep records of the assessment for any compliance audits the company is subjected to.

  • Maintaining data processing records

You will be responsible for keeping and monitoring the records of all data processing activities undertaken by the company for GDPR compliance, including the purpose of each activity, which you may need to share publicly if requested.

  • Managing interaction with data subjects

As data protection officer, you will also be the point of contact with all data subjects the organisation holds information on, informing them of how their data is being used, their rights in relation to the GDPR and how their data is being protected and managed.

What qualifications do I need to get a job in data protection?

Generally, data protection roles focus more on law and compliance than on the technical side of information security. For this reason, many data protection roles will expect law or economics qualifications. However, some roles, such as ‘information security analyst’, sit between data protection and information security, and candidates will be expected to have a deep understanding of the GDPR and experience in cyber security audit procedures.

Some professional qualifications which may be beneficial to your job search include:

  • Certified Information Privacy Professional Europe (CIPP)

  • EU General Data Protection Regulation Practitioner

  • Certified Information Systems Security Professional (CISSP)

  • ISO27001 Certified Lead Auditor

What is the average GDPR job salary?

Since this covers a wide range of roles, it is difficult to find an average salary per annum. Some example roles have been chosen and laid out below:

  • Information security analyst: £34,000

  • Information security officer: £40,000

  • Data steward: £38,000

  • GDPR consultant: £68,000

