Jobs boom for 'Data Privacy Officers' under forthcoming GDPR

New data protection regime will require detailed record-keeping on data gathering and governance

Organisations will need to put in place new internal record keeping and other controls around data when the EU General Data Protection Regulation (GDPR) is introduced, warns DLA Piper legal director JP Buckley. And the new data protection law will apply to even the smallest of businesses.

That was one of the messages from Computing's web seminar yesterday in which Buckley and Fujitsu senior director of storage product marketing Frank Reichart examined the implications of the Regulation, with research from organisations across the UK from Computing.

"Data controllers and data processors... will have to keep really very detailed records of what decisions they take, how they manage contracts, what data they are gathering and why, and all the decisions around that in order to meet these new governance obligations," warned Buckley.

At the same time, the role of data privacy officers will also be radically enhanced, he added.

"There's a new requirement to appoint data privacy officers. That's a title that has traditionally been quite an administrative role - filling in those notifications or dealing with very ad hoc queries. It's now going to be a role that reports directly to the highest level of management and is involved in decisions around where data is being used and how. That's a really significant shift.

"That will apply to all public and private sector bodies that do 'routine processing of data'," he added.

However, the new Regulation will help cut back some bureaucracy compared to the current data protection regime, added Buckley.

"One of the big 'pros' is that we will have a single European law that applies in all member states. Harmonisation will actually make business more effective and easier to run," Buckley believes.

On a more practical level, "the requirement to register or notify every member state in which you operate has been removed... When operating in Europe you will be able to nominate your area of business and be regulated by that country's regulator in a principle that is known as 'one-stop shop'", added Buckley.

Computing's web seminar, 'GDPR is Coming - Make the Most of It', was first broadcast online on Wednesday 3 February at 11am. Register for email alerts to be the first to find out about future Computing webinars and events

Forthcoming web seminars include 'How To Build A DevOps Team That Really Makes A Difference' and 'IT Security and Ease of Use: Why Simplicity Makes For Better Business Security'