Posted on 14/07/2017 by Adrian Kinnersley
Author: Adrian Kinnersley | Global Managing Director
The General Data Protection Regulation, or GDPR, will take effect on 25th May 25th, 2018. It will supercede the current Data Protection Directive, the 1998 Data Protection Act, but the new regulations are a whole different kettle of fish; something that, despite the two year transition period, many companies will still be largely unprepared for, due to the unfamiliarities in the legislation. For even though the two acts may appear similar, there are a number of significant differences that companies will need to become acquainted with to ensure immediate compliance with the law once the regulation comes into effect.
One of the most obvious differences between the two data protection acts is the opt-in consent. Under the DPA, negative opt-ins have primarily been used, while under the GDPR consent must be explicit and clear. Consent will also need to be given for each individual activity – marketing, sensitive data, and so on – and all data processing conditions must not only be met, but must also be able to be proven. Furthermore, there is more pressure than ever before to get it right. Under the DPA, companies could be fined for breaches under 8 principles; with the GDPR, there are 28 possible administrative breaches. The financial penalties are particularly steep and linked to a % of turnover so businesses big and small could feel serious pain.
During initial implementation of the GDPR especially, the risk of error is high, which can result in subsequent financial stress to a business should confidentiality breaches occur. This means that individuals with specific and unique skills relating to data collection and processing, legislation, and the effective and efficient handling of confidential information are going to be in high demand. It is expected that the implementation of the GDPR will spark a massive rise in both GDPR jobs and in data protection jobs on the whole, as companies across the UK work to protect their business, and their employees.
A lot of companies will be late to the party and slow to realise all areas of their business that GDPR will reach. They may well engage Data Protection Consultants which will lead to a spike in GDPR contract jobs OR outsource the whole process to consultancies. It’s at this point they will realise the scale of the task and the number of roles they will need to source candidates for. Data Protection Officer Jobs will inevitably spike in demand. The Chief Data Protection Officer must report direct to the board and operate independently with reach across the whole organisation. Larger companies are likely to rush to hire GDPR Programme Managers and GDPR Project Managers to plan and execute their change programmes. Any point in a business that collects customer and consumer data will be impacted changing web development, cyber security, data warehousing etc etc
Businesses which currently outsource a selection of tasks – particularly those which outsourced HR duties and other tasks involving confidential or sensitive data – are likely to experience a greater need for new hires with these specific skills, especially if these tasks are outsourced outside of the EU. The new regulations are, in part, aimed at addressing and restricting data export outside of the EU, which will increase the need for businesses to be able to safely and securely handle their own data, and may result in a rise in software changes and a more detailed understanding of complex business processes.
Due to the financial risk to many businesses, it is imperative for companies to act fast and start considering how the implementation of the GDPR could affect them. It is time to look at how your business currently handles its data, and how processes may need to be amended as a result of the new regulations. Jobs within the privacy sector, such as legal and compliance consultants e.g. KYC contractors, as well as individuals with specific technology and data handling skills, are expected to be in high demand, so now is the time to start the ball rolling and ensure your business has what it needs to succeed in a GDPR world. For more information, schedule an appointment with one of our advisors. If you are a candidate seeking a position, create a profile today to see a range of offers in your field.