If you want a job in Europe, brush up on data privacy.
New EU laws on data protection will force companies across the continent to hire more privacy experts during the next two years as they work to comply with law. As many as 28,000 new jobs will be created, according to new research by the International Association of Privacy Professionals (IAPP), a trade organization. Tech, healthcare, drug and financial services companies that process large amounts of data will become particular hotbeds for hiring.
“Every organization trying to use data” will need to hire privacy professionals, says J. Trevor Hughes, chief executive of the IAPP. The trade group now has only 3,000 members in the EU. Companies have two years to comply with the EU’s new General Data Protection Regulations (GDPR). The IAPP study arrived at a conservative estimate, Hughes says, and the actual number of new data-protection officers required could be far higher, he said.
The GDPR replace local data protection laws. The rules are stricter and apply to all companies, regardless of size, who process data at a “large scale.” What constitutes “large scale” is open to interpretation, Hughes says. The law firm Olswang has noted that “life for international companies will not get easier” with the GDPR’s passage.
Companies will be allowed to outsource data-protection work, so many consultancies and law firms have been building their privacy and data protection practices. “They’ve seen this coming for a year,” Hughes says.
The role of data protection officer has become increasingly lucrative. The median salary for a data protection officer has grown by about 50% between 2003 to 2015 to $152,000 a year, an IAAP survey shows.
Tech companies have hired most of the data protection officers and many won’t have to hire more, Hughes said.
Privacy and data protection are at the heart of tensions between global tech companies and European law. Companies shipping data between the EU and the United States are currently in a legal limbo, after the longstanding Safe Harbor data-protection framework was stuck down last year by Europe’s highest court. It ruled that the US didn’t provide EU citizens’ personal data with sufficient protection from government surveillance. A replacement, called the EU-US Privacy Shield, is being rushed through legislation, but there’s no guarantee it’ll be approved by member states, or that it won’t be challenged in court by privacy advocates on the continent.