Amedeo Maturo

Protección de Datos y Administración Electrónica

GDPR Specialists: do they exist?

I’ve been recently reading about the hard task of finding genuine GDPR Specialists in Europe and I’d like to give an important advise to recruiters: there’s not such as thing as “GDPR Specialist“.

The facts and the numbers

General Data Protection Regulation – Regulation EU 2016/679, aka GPDR, was published in May the 4th, 2016. Let’s assume that privacy professionals (rara avis, indeed) have been studying this new regulation since the very first day (they haven’t, but let’s assume the hypothesis). In this case, we have a (limited) number of professionals with less than 12 months experience on this subject. Can we call them specialists? I hardly think so. At least, we can call them “GDPR intense readers“,  but we’re pretty far from defining them as “specialists“.

Let’s assume another hypothesis: privacy enthusiasts are fast learners and they’re clever enough to become specialists in such a short period of time.

In this case, these GDPR champions have the Valhalla/Promised Land/Perfect Job panorama in front of them. Once again, let’s go back to the facts and the numbers.

Article 37.1.a), GDPR says that every public authority or body shall designate a Data Protection Officer (DPO). And a DPO can be designated only on the basis of expertise on data protection law and practices (Art. 37.g, GDPR). Ergo, DPO=GDPR Specialist.

How many DPOs do we need? Again, facts and numbers.

In Spain, there are more than 8,000 municipalities; that means that a similar number fo DPOs should be needed. We don’t need to expand this basic calculation to the rest of the EU Countries to realize that there are no GDPR Specialists enough to fulfill all the jobs required.

Conclusions

  1. If you’re reading this post, you’re probably not a GPDR Specialist; they’re too busy to read. Actually, it is quite plausible that they don’t even exist.
  2. Even if you pretend to have read the S.D. Warren and L.D. Brandeis seminal article (because you did it, right?), you’re still not a GDPR Specialist. It’s a wax-on/wax-off process and you’ve just started the journey.
  3. For the very few privacy champions out there that can be called GPDR Specialist: I salute you. I’d like you to be patient with all the impatients recruiters, desperatily trying to catch you. You have a great power but, remember: “With great power, comes great responsability” (Uncle Ben said).

Next post will probably be about privacy professionals and the so called “broken English“.

Categoría: Data Privacy Officer, Data Protection, DPO, GDPR, General Data Protection Regulation, privacy, Reglamento Europeo de Protección de Datos

Etiquetas: , , , ,

2 Comentarios

  1. Ian Tibble dice:

    I’m sure they exist because this is the way the sector rolls – there are specialist in every micro area, even if it takes 5 minutes to learn the relevant stuff. But should there be a specialisation? No. Absolutely not.

Deja un comentario

Archivos

Mi Twitter

Temas