Whilst many FTSE 350 companies were recently revealed not to be taking GDPR seriously enough, the UK government certainly is with the news this week that the Home Office is recruiting a data protection office for the Directorate for Data and Identity. The new role will come with a salary of between £80,000 and £85,000.
The new post has been created thanks to the fact that the new European Union General Data Protection Regulation (GDPR) and the Data Protection Directive (DPD) will come into effect in May 2018. GDPR requires all public authorities to appoint a dedicated data protection officer to oversee compliance with the new regulations and embed what is called ‘privacy by design’ culture.
The new data protection officer post will lie within the Home Office’s Directorate for Data and Identity (DI), part of the Crime, Policing and Fire Group and the new recruit will provide key assurance, guidance, compliance and advisory functions on all data protection matters that affect the Home Office. The post holder will have a number of key duties that will include:
- provide leadership in raising the profile of data protection compliance across the HO and with those staff responsible for managing projects or work-streams that involve the processing of personal data ¯ this will involve close working with colleagues across the department;
- provide advice and guidance to Home Office staff who control and process personal data about their obligations pursuant to the relevant data protection laws, ensuring service delivery is balanced with compliance;
- monitor compliance with data protection legislation, including the assignment of responsibilities, awareness-raising including overseeing departmental training of staff involved in processing operations;
- design and implement a planned programme of risk-based audits to test compliance;
- provide advice on mitigating risks around data protection processing activities and data protection impact assessments, and monitor performance against the changes being introduced by the new regime;
- cooperate with the supervisory authority (the Information Commissioner’s Office in the UK) by acting as the contact point on issues related to the processing of personal data (including for major new projects), and provide information as requested on HO compliance in this area;
- provide advice following both data processing audits and data breaches, monitoring and working with the business to address identified issues.
Some commentators have however expressed concern at the level of salary on offer for the post. Graeme Burton of Computing.co.uk said:
“….the combination of responsibilities and the range of senior staff that the data protection officer will need to liase will also make it a highly challenging role – and it also comes with legal responsibilities that could see the holder of the post in court if a series data breach were to occur. Furthermore, while the role requires a technical understanding, the data protection officer will also need to have an in-depth understanding of data protection law, rights and responsibilities. The officer will also need to keep abreast of both UK and EU data protection law as the two diverge post-Brexit.
“Indeed, this is explicit in the job advert, which demands a “good knowledge and understanding of national and European data protection laws and practices including the DPA, GDPR and DPD and a willingness to become an expert in the resulting related UK legislation” as well as a “good understanding of information technologies and data security and the relationship between these and data protection”.
“The Home Office may therefore need to raise the remuneration on offer from the £80,000-£85,000 range it is currently advertising, especially given the competition across both the public and private sectors to recruit data protection officers right now.”
The data protection officer post is the first in what is expected to be a large number of posts to be advertised for data protection officers across the full range of government departments and agencies, as well as other sections of the legislative system.