7,000 data protection officers needed for UK firms

Brussels’ chiefs may have caved in over plans to force companies which process personal data – virtually all businesses these days – to hire a data protection officer but at least 7,000 firms will have to find one from somewhere before May 2018, according to new claims.
Research conducted by GO DPO, the strategic partner for the Henley Data Protection Officer Programme, estimates that around 7,000 large companies – employing over 250 employees – will need to recruit and train at least one DPO each during the next 24 months.
Between now and when the EU General Data Protection Regulation (GDPR) comes into force on 25 May 2018, that equates to having to train around 14 DPOs every single working day. The role commands a salary of up to £60,000 a year.
However, if anything this an under-estimate of the actual requirement, according to GO DPO chief executive Darren Verrian, as many banks and insurance companies employ more than one senior manager to fulfil the requirements of a DPO, whose role can involve handling millions of customer and client accounts.
Verrian added: “Our conservative calculations are based on figures published by the BIS at the end of last year and exclude 33,000 medium-sized companies that employ 50-249 employees, many of which will also need to appoint a DPO.
“Not all companies will want to employ an in-house DPO but will opt for a third party provided DPO managed service. However, these independent contractors will also need to be trained.”
Henley Business School head of open programmes Mike Davis said that the underlying figures for the recruitment and training of a DPO actually conceal the vast amount of changes to data processing policies, processes and procedures.
He maintains that these changes must be undertaken as a matter of urgency in order to protect business continuity in the face of one of the biggest shake-ups in data protection in over two decades.