‘Up to 75,000’ jobs in privacy may be created due to EU regulation
Some firms may face ‘operational hurdles’ over new law, privacy organisation says
The International Association of Privacy Professionals estimates that about 11,800 positions will be created in the EU in response to the new law. Photograph: Pawel Kopczynski/Reuters
Up to 75,000 jobs may be created worldwide for the new data-protection officer role required under a European Union regulation due to come into force in 2018, according to figures published by a privacy organisation.
The International Association of Privacy Professionals (IAPP), which opened its annual data-protection congress in Brussels on Tuesday, said it had “conservatively” estimated earlier this year that at least 28,000 such professionals would be needed in Europe and the United States once the General Data Protection Regulation (GDPR) takes effect in 2018.
Based on calculations of the numbers of companies likely to require a data-protection officer (DPO), it now estimates that as many as 75,000 positions – including about 11,800 in the EU – will be created worldwide in response to the new law.
The regulation governs the privacy practices of any company handling EU citizens’ data, whether or not that company is located in the EU.
“Because the EU’s 28 member states together represent the world’s largest economy and the top trading partner for 80 countries, many companies around the globe buy and sell goods to EU citizens and are thus subject to the GDPR,” the IAPP said.
The new EU law requires that public authorities and certain companies processing personal data on a “large scale” must have a DPO. By law, the position must be independent from the organisation that funds it.
Thousands of professionals will gather for the Brussels event, which will be addressed by EU regulators including European Data Protection Supervisor Giovanni Buttarelli. It runs until Friday.
Panels will examine issues such as the new regulation, due to come into force in 2018, privacy issues associated with connected cars and drones, and the future for international data transfers.
The IAPP said that for companies with experience of privacy programmes the new requirement for DPOs “should present little problem”.
“For those just getting up to speed, it may present more of an operational hurdle,” it said.
IAPP president and chief executive Trevor Hughes said: “The data-protection profession has been growing steadily for many years. We expect to see even more growth as result of the GDPR mandate. But good business is also a major driver; organisations today simply must address privacy concerns to succeed in the information economy.”