What is the ideal DPO profile?
The focus on legal and security skills misses the point
When you Google “DPO profile”, you inevitably come across articles that suggest that the ideal DPO (Data Protection Officer) is someone who will have previously worked in either Legal or IT Security. This is not surprising, since GDPR is a detailed piece of legislation that involves both the law and technology.
And yet, when you look at the wide range of skills required of a DPO, it quickly becomes evident that a dominant vertical skill — be it in law, technology or indeed anything else — is not really the main requirement. This is because the DPO’s role is a hybrid of legal, technology and business.
It consists essentially in:
- Interpreting data-protection laws and identifying compliance options
- Understanding these options in terms of compliance obligations vs business risk
- Working with the various functional areas (marketing, product development, finance, etc …) to arrive at the best solutions
In short, the role of the DPO is to find the right balance of privacy between compliance obligations and business risk. This requires the following mandatory three skills:
- leadership, and the ability to bring together the resources needed to get things done
- broad business and technology exposure, obtained through prior experience in IT and/or business
- communications and cross-cultural skills
Clearly, it is more important to be well-rounded than to be a specialist. After all, what good is a contract lawyer with limited business experience? Or a security specialist with poor communications skills?
Finally, you must have the intellectual curiosity to learn about new things outside your comfort zone. If you’re a technophobe lawyer, or a security specialist who’s uncomfortable with legal reasoning, you won’t last long as a DPO — assuming you even get the post.
At the end of the day, the DPO role is not about any particular vertical skill. Rather, it’s about how effectively you are able to understand data privacy and how it integrates into the business.
Michael Gentle is the founder of The Balance of Privacy, based in Geneva. For similar articles by Michael, click here.
