Time is ticking to recruit enough Data Protection Officers in UK to comply with GDPR

SupermanNew research shows that 7,000 large companies in the UK must train around 14 Data Protection Officers a day between now and May 2018 in order to comply with the GDPR irrespective of Brexit vote

Research conducted by GO DPO®, the strategic partner for the Henley Data Protection Officer (DPO) Programme, estimates that around 7,000 large companies (employing in excess of 250 employees) will need to recruit and train at least one DPO each over the next 24 months irrespective of whether or not the UK votes to leave the EU.

On the basis that there are a total of 496 working days (excludes public and Bank Holidays and all weekends) between now and when the EU General Data Protection Regulation (GDPR) comes into full force on 25 May 2018, that means there will be a requirement to train around 14 DPOs every day in order to comply with the GDPR.

Darren Verrian, CEO, GO DPO® explains: “This headline figure of 7,000 DPOs isn’t a wild exaggeration and if anything is an under-estimate of the actual requirement as many banks and insurance companies employ more than one senior manager to fulfil the requirements of a DPO at the company given the scope and pivotal nature of the role when handling millions of customer and client accounts.

“Our conservative calculations are based on figures published by BIS at the end of last year and have ignored 33,000 medium-sized companies that employ 50-249 employees from this calculation, even though it’s clear that many will also require to appoint a DPO.

“Not all companies will necessarily want to employ an in-house senior manager as a DPO and may instead opt to have a third party provide a DPO managed service in order to satisfy requirements under the GDPR. However, these independent contractors will also need to be trained.”

As a result of demand, particularly from the financial services sector, for senior manager training for those to be appointed as DPO, Henley Business School has just launched its own Executive Education DPO Programme and expects to have a significant number of enrolments over the next six months.

“What the underlying figures for the recruitment and training of a DPO conceal is the vast amount of changes to data processing policies, processes and procedures that must be undertaken as a matter of urgency in order to protect business continuity in the face of one of the biggest shake-ups in data protection for over two decades,” adds Mike Davis, Head of Open Programmes at Henley Business School.

“Our DPO Programme isn’t about simply training DPOs to be compliant with European data protection law but is designed to help senior compliance managers make the step up into the new breed of DPO required under the GDPR. It also opens the door for the private sector to train senior consultants to provide a high-quality DPO managed service that will become an industry in its own right over the next couple of years,” observes Davis.

A sneak preview of the DPO Programme is available by registering for the ‘Getting Started’ interactive Module here.

Further information on the DPO Programme, contact Gemma Jones at Henley Business School at gemma.jones@henley.ac.uk

Leave a reply