(A version of this blog was originally published on August 18, 2017.)
The EU General Data Protection Regulation (GDPR) will create a demand for “at least 75,000” data protection officers (DPOs) worldwide, according to a study published last year by the International Association of Privacy Professionals (IAPP).
The IAPP study, which was designed to determine the global reach of the GDPR, found that the US will have the largest demand for DPOs (9,000), followed by China (7,568), Switzerland (3,103), and Russia (3,068).
Despite being an EU regulation, the GDPR will reshape data protection practices for many US companies, as it applies to any organization in the world that processes EU residents’ personal data.
Any organization or public authority in the world that processes EU residents’ personal data on a large scale must appoint a DPO.
Under the GDPR, the DPO will be responsible for helping organizations achieve and maintain compliance with the Regulation.
Given the Regulation’s stringent requirements – and the significant disciplinary action for organizations found to be in breach of them – DPOs must be appointed on the basis of professional qualifications and qualities. In particular, they must have “expert knowledge of data protection law and practices.”
A much stricter law
The GDPR protects and strengthens data subjects’ rights and codifies new ones, such as:
- The right to be forgotten
- The right to object
- The right to bring class actions
- The right to data portability
It also includes a number of rights related to automated decision-making and profiling. For example, unlike the GDPR’s predecessor, the Data Protection Directive, the GDPR allows data subjects to raise objections. If that happens, the data controller must provide justification for continuing to process data or demonstrate that the processing is in line with the data subject’s legal rights.
GDPR Foundation training
You can find out more about the forthcoming changes by enrolling on our Certified EU General Data Protection Regulation Foundation (GDPR) Training Course.
This one-day course will be held in Boston, MA, on November 28, 2017.
It provides a comprehensive introduction to the Regulation and explains the implications and legal requirements for all organizations, including whether or not they need to appoint a DPO. The course is ideal for directors or managers who want to understand how the GDPR affects their organization, employees who are responsible for GDPR compliance, and those with a basic knowledge of data protection who want to develop their career.