As the co-programme director for the DPO Certificate at Henley Business School, it was my job to help navigate the delegates through the thicket of the EU General Data Protection Regulation (GDPR) as well as flagging up stuff that organisations need to do now during the two-year transition period.

If you would like a copy of my presentation, feel free to get in touch with me on this website and I’d be happy to send it to you.

My short talk focused on the practical implications for organisations and HR departments in the rapidly changing data protection and privacy landscape and at the centre of these seismic changes sits a new breed of Data Protection Officer (DPO).

This person has the rare gift of knowledge, skills and experience typically not found in a senior manager – independence and ability to work on their own initiative, highly knowledgeable on legal, regulatory, compliance and data protection issues and an impressive understanding of data processing technology and processes.

Research carried out by GO DPO®, the strategic training and executive recruitment partner for the Henley DPO Programme, estimates that at least 33,000 of these Superheroes are required for the UK, although currently there’s a shortage of suitably qualified and experienced DPOs not just here in the UK but across the whole of Europe.

From a practical perspective, the best qualified and experienced DPOs will already have job interviews booked in their diary to attend this year. And the reason for this is extremely clear.

20160203_141959_003Any organisation that has personal data at the centre of its operations will need to have a real Superhero helping it to navigate the GDPR transition period over next 24 months with high degree of skill and precision in order to avoid being hit with a €20m or 4% of global turnover fine by the Supervisory Authority or industry Regulator in the wake of a personal data breach at the end of the transition period.

I recall many years ago that the celebrated TV playwright and barrister Sir John Mortimer QC gave me some prescient advice when I answered the small ad he’d placed in the London Evening Standard for a tenant for the basement studio in his rather lovely Georgian townhouse in swanky Swiss Cottage, NW London.

At that time I was a poor law student looking for some digs. So imagine my surprise when he answered the door!

“Money concentrates the mind” he said as he led me downstairs to inspect the rather luxurious basement accommodation which was clearly was out of my price range!

Fast forward to today, and I remembered those words when thinking about the talent shortage and what any HR Director will tell you when trying to make a senior hire with very few candidates to choose from.

As part of the DPO Programme at Henley, we’ve forensically examined what it takes to be a successful DPO and we’ve broken this down into eight separate skill sets in the table below.

Arts.35-37, GDPR spell out the duties and tasks of the DPO that also includes inter alia awareness training for all staff as well as general and advanced training for all staff handling and processing personal data.

To be confident of a successful hire, organisations must ensure that the DPO selected is properly qualified and trained and under Art.36, GDPR the post-holder is directly responsible for maintaining her/his expert knowledge, where the failure to do so will result in an administrative fine of €10m or 2% of global turnover.

Recalling what Sir John Mortimer said to me all those years ago, investing in a suitably trained DPO could be the best move any organisation can make right now.