Companies across Europe will collectively need to appoint over 28,000 new data protection officers (DPOs) ahead the enforcement of the recently passed EU General Data Protection Regulation (GDPR) regulations in 2018, according to a new study.
The claims were made in a report published today (20 April) in a report by the International Association of Privacy Professionals (IAPP), which asserted that the sheer scale of the new requirements for data collection and processing in the EU means companies will have to appoint or contract a host of DPOs.
The trade body cited Article 37 of GDPR which requires controllers and processors of personal information (in both the public and private sector) to designate a data protection officer.
In particular those brands and agencies using programmatic advertising technologies will have to take heed of these warnings, as the same article also stipulates that this law applies to outfits whose “core activities” require “regular and systematic monitoring of data subjects on a large scale”.
The IAPP claims the GDPR regulations stipulate that DPOs in particular possess “expert knowledge of data protection law and practices”, plus the ability to fulfill the tasks designated under Article 39.
Key among the tasks of the touted 28,000 DPOs include: ensuring regulatory compliance; training staff on proper data handling; co-ordinating with regulators; plus an understanding of data processing risks.
The IAPP calculated the required number of DPOs based on an assessment of companies with a headcount of over 250 employees made available by Eurostat.