Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Edge Ask The Experts

12/16/2019
04:15 PM
Tony Anscombe
Tony Anscombe
Ask the Experts
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

What Should I Look for in a Data Protection Officer?

The right candidate will possess the following skills.

Question: I need to hire a data protection officer. What should I be looking for in a potential hire?

Tony Anscombe, global security evangelist and industry partnerships ambassador, Eset: The EU's General Data Protection Regulation (GDPR) requires companies to appoint a data protection officer (DPO). While not a requirement by all legislation, having a person responsible for data protection in an organization does bring ownership and authority to this important task.

What skills should you look for when recruiting a DPO? First, the person must understand the relevant legislation and what constitutes personal information so they can identify where data is being held and ask the crucial questions of why it was collected and whether it still required.

Record-keeping (of audits, risk assessments, data access, monitoring, etc.) requires pragmatism – a key trait in a DPO. Yet this person must strike a balance between a pragmatic approach and also holding authority within the business, as the DPO role is also customer-facing. When consumers request copies or deletion of their data, the right processes need to be in place to deliver or delete as necessary.

Adding to these essential skills is the ability to educate employees on the correct methods for data processing and to educate the business on the reasons to comply. Last, an understanding is necessary of what technology is needed or available to protect the data.

In summary, look for a DPO who is a strong communicator and an independent worker, with legal knowledge and technical background, who can carry credibility and authority within the business.

 

Tony Anscombe is the Global Security Evangelist for ESET. With over 20 years of security industry experience, Anscombe is an established author, blogger, and speaker on the current threat landscape, security technologies, and products, data protection, privacy and trust, and ... View Full Bio

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
   OVER THE EDGE
Building Cybersecurity Strategies in Sub-Saharan Africa

Filmed for Dark Reading News Desk at Black Hat Virtual.

LAURA TICH: We have that imbalance, where the big organizations are more protected, where the smaller ones -- which are the most common businesses in the region -- they are least protected... Sometimes they do get the tools, they do get the funding to buy some critical tools, but there's a lack of skills to handle or people who understand how to work those tools. So there are a lot of factors that contribute to our growth -- or lack thereof -- in the cybersecurity industry.

 

Name That Toon: 'Rise' and Shine
Flash Poll