It seems that a chief data protection officer is not only an official job responsibility, it’s a necessity. It’s estimated there are now more than half a million data protection officers in Europe alone, one year after the General Data Protection Rule (GDPR) required companies operating in Europe to have one.
A report from the International Association of Privacy Professionals (IAPP) estimates 500,000 European organizations have registered data protection officers (DPOs) within the first year of GDPR. The IAPP research finds that 376,306 organizations have already registered DPOs in 12 of the 28 EU member states, with an average salary of $88,000.
Of course, it may be hard to find someone who has an official DPO title. The GDPR rule requires someone in the organization to be the DPO, but that could be anyone, from the head of IT to the chief operating officer (COO). The point is to make sure someone in the organization is officially responsible for data protection.
The number of DPOs worldwide will soon be significantly higher as additional regulations being implemented in other countries and states — such as California — go into effect. Once someone is identified as the DPO within an organization, it becomes simpler for managed service providers (MSPs) to focus their sales efforts.
Increased accountability helps encourage better data management processes
Far too many organizations have historically treated data protection as a low-level task roughly equivalent to a household chore. DPOs know they are now personally being held accountable for data protection and they are generally more willing to allocate funds to a service that helps ensure nothing goes wrong. Most DPOs intuitively realize that most of the data management processes their organization might have in place are deeply flawed in terms of their ability to comply with regulations such as GDPR.
Naturally, there are other emerging titles that have overlapping responsibilities, including chief privacy officer and chief data officer. Regardless of the title, the fact that someone is specifically charged with treating data as an asset should signal to MSPs that the company views data protection as a critical function.
Most people appointed to these roles go through a lot of on-the-job training, so savvy MSPs should engage DPOs by sharing their data protection expertise. As MSPs already know, the hardest part of any deal is often just getting the initial meeting. That’s twice as hard when DPOs are being inundated with product pitches.
Many DPOs are already in a tough bind, so they should be receptive to any service provider that reaches out. However, most DPOs are not looking for a magic silver bullet to solve their problems. They want to have confidence in a process versus randomly backing up data using any number of incompatible tools already strewn across the enterprise. In fact, the biggest challenge most DPOs face is not finding a way to back up and recover data, but rather finding a way to bring some order to a process that is often much more chaotic than they would ever want to admit.
Photo: Daniel Krason / Shutterstock.