Data Protection Officer Drought Predicted - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud // Software as a Service
02:44 PM
Thomas Claburn
Thomas Claburn
Connect Directly

Data Protection Officer Drought Predicted

Google's global privacy counsel doubts there are enough data defenders to help companies comply with EU data rules.

Mobile World Congress Preview: 10 Hot Devices
Mobile World Congress Preview: 10 Hot Devices
(click image for larger view and for slideshow)

Be careful what you wish for: Five years ago, Google global privacy counsel Peter Fleischer called for privacy standards around the world to be harmonized because the regulations were all over the map.

Privacy laws around the world might not ever be in perfect harmony, but lately even the freewheeling U.S. seems to be marching to Europe's insistent drumbeat of data protection. Earlier this year, the European Commission proposed a broad reform of the EU's 1995 data protection regime. A month later, the Obama administration issued its Consumer Privacy Bill of Rights as part of a broader data privacy initiative.

Although the EU's new data protection rules might not complete their journey through the legislative process for a few more years, companies have to start thinking about the impact of the regulations well before then.

Writing on his personal blog on Friday, Fleischer warned that there are not enough experienced data protection officers to meet the impending legal requirements and that more need to be trained.

[ Read EU Data Rules Worse Than SOPA? ]

"Soon, many thousands of companies operating in Europe will be looking to appoint [data protection officers] to meet legal obligations, and since there is no available pool of such people, companies need to start thinking now about how to recruit, train and resource a DPO, and/or an entire DPO team, for the large companies," he wrote.

The EU requirement to employ a DPO applies to companies with more than 250 workers. However, EU data laws should be considered by any company with customers in Europe, such as mobile app makers. The potential fines for violating EU data rules make compliance a necessity: up to 1 million euros or up to 2% of a company's global annual revenue.

Fleischer sees three viable approaches to the new rules, depending on the complexity of companies' data processing requirements.

Companies that have relatively simply data operations can probably just train personnel from human resources or marketing, he suggests.

They might also be able to outsource the DPO role, which he sees as a potential business opportunity for entrepreneurs.

Companies with large, complex data processing and handling operations will have the most adjustment to do. "[T]oday, rather shockingly, some of the world's largest data processing companies, with mega-databases of trillions of pieces of personal data, do not have a single heavy-weight DPO on staff," he wrote.

Fleischer argues that such companies need to give DPOs resources and authority, something that will come from knowledge of privacy laws and willingness to defend privacy interests. Though internal executive support for the DPO's mandate matters, he suggests that DPOs will have some inherent power through legal protections against unfair dismissal.

The effort to achieve and maintain compliance with Sarbanes-Oxley requirements remains one of the primary drivers behind many IT security initiatives. In our Security Via SOX Compliance report, we share 10 best practices to meet SOX security-related requirements and help ensure you'll pass your next compliance audit. (Free registration required.)

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

New Storage Trends Promise to Help Enterprises Handle a Data Avalanche
John Edwards, Technology Journalist & Author,  4/1/2021
11 Things IT Professionals Wish They Knew Earlier in Their Careers
Lisa Morgan, Freelance Writer,  4/6/2021
How to Submit a Column to InformationWeek
InformationWeek Staff 4/9/2021
White Papers
Register for InformationWeek Newsletters
Current Issue
Successful Strategies for Digital Transformation
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Flash Poll