The European Union (EU) General Data Protection Regulation (GDPR) is causing quite a stir among data-centric businesses. The regulatory legislation applies to all organisations that collect, store and use the data of EU citizens. This new approach to data management will transform the way that both businesses use data and the public’s access to it. Businesses were granted a two-year window from April 2016 to review practices and put relevant processes and procedures in place to meet GDPR regulations. That grace period will come to an end in May 2018 – a timeline that induces panic in even the most well-oiled machines.
The reason for the panic is two-fold: 1) GDPR is a long list of complex requirements, which many organisations have to work through; and 2) Organisations are rushing to find highly-skilled talent to manage the change in data management and reporting.
As a result, we are witnessing an increase in hiring to cope with the introduction of GDPR. According to our recent research, two-thirds (66%) of CIOs will hire additional, permanent employees to handle the increased activity, while other companies plan to increase their teams with temporary or contract resources. Our research further shows that 35% plan to hire project managers and 20% plan to hire business analysts on a contract basis. According to Protiviti, the GDPR project fits most naturally into compliance or legal teams but due to the company-wide implication, there isn’t one right function for it.
In the short term, businesses should be looking towards business analysts or project managers that are prepared to do the investigation and scope out the requirements in the lead up to the legislative change. Business analysts are in a position to take a comparative view of where the business is, versus where it needs to be. While project managers are well-placed to manage timelines, knowledge of analytics (44%), regulation and compliance (39%), and project management (38%) will be imperative to implementing the changes. However, soft skills such as strategic thinking (39%), communication skills (39%) and attention to detail (31%) are of equal importance.
Many mid-to-large enterprises are choosing chief operating officers (COO) or data protection officers (DPO) to ultimately head-up GDPR programmes. But even this approach presents its own unique problems. Businesses should hire leaders that have genuine data privacy and data protection knowledge across the IT security, legal or compliance landscapes. GDPR is a new concept but these disciplines ensure candidates are well on their way to understanding the next legislative step. The person accountable must be committed to introducing this change. For many organisations, they are the difference between success and failure.
The reality is that most candidates accepting jobs in this area will not have a vast amount of GDPR knowledge or experience to seamlessly implement these imminent changes. However, as the role will require a candidate to influence the business during this transition period and any future developments, there are professionals who naturally possess the right transferable skills. Candidates with a holistic understanding of other regulatory changes such as MiFID ll, SOXs, DoddFrank initiatives, XBLR tagging, IAS, or talent from finance, IT and data, and compliance, will have transferable skills that will prove invaluable to this new process. To bolster their knowledge of the technicalities of GDPR, enrolling the best talent onto a specific GDPR training programme, such as GDPR Practitioner, ensures candidates are well aware of the business challenges ahead. The right mix of technical ability and communication, collaboration and leadership skills will ensure organisations will have the best talent in-house to remain compliant.
Ultimately, the type of role that businesses recruit for to support GDPR will vary depending on the size of the company. But what is certain is the need for the right mix of technical and managerial skills to safeguard the compliance process, with professionals that can toe the line between skilful business leadership and effectively influencing data practices and policies.
