Hiring kit: GDPR data protection compliance officer
May 2, 2018
The GDPR data protection compliance officer is responsible for monitoring compliance with the GDPR and other data protection laws and is a mandatory position for certain enterprises. This hiring kit includes a job description, sample interview questions, and a basic want ad to help you find the best person for the job.
From the job description:
The European Union’s General Data Protection Regulation (GDPR) requires every business enterprise and every public authority that processes the personal data of people in the EU to handle that data lawfully and to protect it from unauthorized access. For the purposes of the GDPR, personal data means any information relating to an identified or identifiable natural person, including name, address, email address, and even an IP address or other online identifier. The definition is broad, and the regulation applies to any organization, regardless of physical location or size, that offers goods or services to people in the EU or monitors their behavior.
Under certain conditions, an enterprise is required to appoint a GDPR data protection compliance officer. This data protection officer (DPO) reports directly to the organization’s highest management level, monitors the organization’s compliance with the GDPR, advises it on its data protection obligations, and acts as the main contact point for supervisory authorities and for data subjects when noncompliance issues and disputes occur.
According to the GDPR, your organization must appoint a DPO if:
- You are a public authority (except for courts acting in their judicial capacity)
- Your core activities require large-scale, regular, and systematic monitoring of individuals
- Or your core activities consist of large-scale processing of special categories of data (such as health, genetic, or biometric data) or data relating to criminal convictions and offenses
In practice, if collecting or processing personal data is a normal core part of your business activity, you are likely to need a DPO. If you conclude that you don’t, document that analysis so you can explain the decision to a supervisory authority.
The GDPR says little about the specific experience and skills that qualify a GDPR data protection compliance officer, except that the appointee must be chosen on the basis of professional qualities, in particular expert knowledge of data protection law and practice. Enterprises should also look for candidates who understand how data protection works from an IT perspective: how personal data is stored, secured, accessed, and deleted across the organization’s systems. The best candidates will also have extensive and specific knowledge of how data protection and legal compliance work in your particular enterprise or industry.
Finding ideal candidates for the GDPR data protection compliance officer position requires thorough vetting, and qualified candidates may be difficult to find. This job description will help you target the qualities and skills to look for in a data protection compliance officer.