American supply chain software business requires UK based DPO

FourthLine reached out to the client, an American supply chain software business, with the knowledge that the client was based in the US but had a significant UK and European presence. We suspected that the organisation processed EU data and would therefore require a UK or European-based Data Protection Officer in order to comply with the forthcoming GDPR, which turned out to be the case.

The issue:

The client required a DPO to work in Europe alongside the European legal director, reporting in to the US General Counsel. Although the client had a large sales force in UK and Europe, they had no regulated oversight of them and as such, needed someone on the ground to keep them in check whilst developing and embedding a privacy culture within the business.

Adding an extra level of complexity to the hire, the client asked to see senior data protection specialists who had international experience in the software business.

Our solution: 

We began conversations with the Head of Acquisition in mid-2017. At this point we supplied the client with the latest market information, salary benchmarking and the advice to move as quickly as possible with GDPR looming and the increased demand for data protection specialists. A call was quickly arranged with the hiring manager, after which we supplied a shortlist of suitable candidates from our extensive network of expert talent. All six shortlisted candidates were interviewed, with three progressing to the second stage. Within three weeks of the original call the client offered the role to their preferred candidate, though unfortunately the offer fell through due to a counter offer from the candidate’s current employer.

We went back to the drawing board, and due to the extensive nature of our network were able to source another shortlist of six new candidates. Following another three-stage interview process, we successfully placed a candidate with the client at the end of September.

Following a proposed change of reporting line, we advised the client to ensure the reporting line went directly to board level to ensure that they were fully compliant with GDPR.


Topics: Technology Media and Telecoms, Data Privacy & Information Security

March 13, 2019