How to Hire the Right Talent for the GDPR Challenge
- May 10, 2018

The European Union’s General Data Protection Act (GDPR) is now in effect, and the ramifications for companies doing business with European customers are significant. Hiring for the GDPR is crucial even for American companies seeking to navigate GDPR compliance. Staffing regulatory and IT talent will be vital to this transition, but it comes with unique challenges.
The Challenge of GDPR Compliance
Until now, the internet has been a self-regulating ecology in which large companies governed their own collection of personal data and how this data was used. But the European Union has now taken dramatic steps to protect user privacy and data. Consumers have been granted significant rights over how their data is used, but this comes at a price for companies handling and collecting this data. Some of these new rules companies must comply with include:
Frequent and explicit “opt-in” consent from consumers, which may be withdrawn at any time “without detriment.”
Security breaches must be disclosed immediately – and ignorance of the breach by the firm is no excuse.
Firms that collect data are responsible and liable for third-party handling.
In the age of the Facebook-Cambridge Analytica scandal and frequent data breaches from companies like Target and Equifax, demand for regulatory and internal audit talent is critical.
Hiring for the GDPR
No doubt about it: the GDPR is an expensive change. The IT technology alone will cost an estimated $1 million per company doing business with European customers. Then there is the cost of hiring. European companies will hire an estimated 28,000 data protection officers (DPOs), according to one study. And as many as 75,000 DPO positions will need to be staffed around the world.
The seismic impact of these new regulations will be noticeable across all organizational departments, from policy and procedural changes to marketing and sales. But the real need will be for internal auditors. Auditors will be crucial in assisting DPOs, raising compliance awareness, identifying key risks, and driving the transition within each organization.
The obstacle in hiring for the GDPR is identifying talent with adequate skills to address the massive gaps opened up by this new law. Internal auditors must combine several crucial skills, such as:
Analytical abilities
Communication skills
Integrity, courage, and other virtues
Conflict management
Business acumen
Industry-specific knowledge
Data mining and cybersecurity prowess
The Right Approach to Hiring for the GDPR
The right mix of traits and skills will help companies navigate the GDPR and bring their organizations online. Without the right talent, gaps will go unplugged – from requirement awareness to privacy design to security vulnerabilities. But what is the secret to finding and successfully hiring these professionals?
1. Retention
Hiring from within and keeping your best IT and auditing professionals is an efficient use of your company’s talent. Identify current employees with this unique combination of skills and invest in them. Manufacture audit talent from within by training IT professionals with these traits to successfully take over auditing functions. In the words of Vijayant Sitani, CAE for Paccar:
“‘Manufacturing’ auditors is a way of doing business at PACCAR Internal Audit. We recruit high potential mid-management professionals from all functions in the company, train them into various aspects of auditing, business and leadership skills and give them an opportunity to do audits across various functions and divisions...a companywide training is being planned on GDPR for select employees. Internal Auditors will be part of that group. Internal Audit recruits from the company’s data security organization for its IT auditor positions.”
2. Hire When Available
Too many times outside talent becomes available when companies are not actively hiring. The most successful companies jump on opportunities as they become available. By building relationships with specialty recruiters, they can monitor the stream of talent and snatch up the best professionals in preparation for future openings.
Hiring for the GDPR doesn’t have to be daunting. The new regulations certainly pose a challenge. But with the right hiring tactics, companies can stay ahead of the game with the right talent.
Sources:
https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&from=EN
https://blog.protiviti.com/2017/08/08/internal-audits-role-will-be-key-in-the-gdpr-journey/
https://hbr.org/2018/04/gdpr-and-the-end-of-the-internets-grand-bargain
https://iapp.org/news/a/study-at-least-28000-dpos-needed-to-meet-gdpr-requirements/





















