Rawpixel.com - Fotolia
Two-thirds of UK firms are hiring permanent employees to help meet the EU’s General Data Protection Regulation (GDPR) compliance deadline, a study shows.
A further 64% of CIOs will hire temporary or interim staff to ensure they have the highly-skilled talent in place to manage the change in data management and reporting.
Preparation for compliance with the GDPR is essentially a change management programme, Emma Butler, data protection officer (DPO) at digital identity firm Yoti told a seminar hosted by IT industry body TechUK in June 2017.
Analytics, regulatory knowledge and project management are the skills most in demand, according to the study developed by recruitment firm Robert Half UK.
The study, which polled 400 directors of UK companies, was conducted by an independent research firm.
As organisations concentrate on GDPR compliance initiatives, the study shows the demand for permanent project managers (33%), business analysts (26%) and data protection officers (26%) that oversee how data is processed will increase.
Even though the final version of the GDPR requires only public authorities and other entities engaged in profiling to appoint a DPO, the staffing impact will be substantial, according to a study by the International Association of Privacy Professionals (IAPP) that was published in November 2016.
Read more about GDPR
- With less than a year to go before the General Data Protection Regulation compliance deadline, many businesses are floundering, while others are embracing data-centric security to fast-track compliance.
- The GDPR is not only relevant to information security officers and data protection officers – it has a massive impact on businesses.
- There is no time for businesses to delay in preparing for the GDPR, says the UK privacy watchdog.
- GDPR: One year to compliance and opportunity.
According to the study, the GDPR was likely to require the appointment of at least 75,000 DPOs worldwide ahead of the compliance deadline.
With the compliance date of 25 May 2018 drawing closer, the study shows that businesses are recognising that a combination of soft and technical skills is key for the long-term implementation of GDPR.
Company directors said knowledge of analytics (44%), regulation and compliance (39%), and project management (38%) will be imperative in implementing the changes. Strategic thinking (39%), communication skills (39%) and attention to detail (31%) are also required to ensure compliance professionals can act as business leaders and play an effective role in influencing data practices and policies.
“The GDPR is the latest piece of legislation to evolve the compliance and regulatory landscape in the UK and across Europe,” said Phil Sheridan, senior managing director at Robert Half UK, UAE and South America.
“As demand for candidates with the required technical and project management skills reaches fever pitch, business should seek out those with the transferable skills required to ensure compliance,” he said.
While GDPR certified practitioners are in short supply, Sheridan said project managers and business analysts with experience in MiFID ll and Sarbanes-Oxley (Sox), among others, with have the requisite skills to support compliance, particularly on an interim and project basis.
The type of role that businesses are recruiting for with GDPR will vary according to company size, the study found.
Overall, 16% of small to medium-sized enterprises (SMEs) see GDPR as a concern, compared with 2% of large business.
SMEs are more likely to hire project managers (32%) to help with compliance, while larger organisations are placing a greater focus on recruiting data protection officers (33%), the study shows.
The recruitment of extra staff will not only help UK companies meet the GDPR requirements, but also planned new UK data protection laws.
In August 2017, the government announced it is considering plans to introduce new legislation to strengthen data protection, with proposed fines of up to £17m or 4% of global turnover to bring UK data protection law in line with the GDPR to ease data exchanges between the UK and the EU after Brexit.