Recruitment Themes and Predictions for 2018 - Data Privacy

  • June 13, 2018

We draw on our experience as a specialist data privacy recruiter to discuss what is changing within the specialisation and share our predictions for the rest of 2018.


It’s fair to say that 2018 has been a huge year for data privacy, and it’s been a hot topic for discussion from boardrooms to newspaper front pages. As organisations have been taking the steps needed to meet the requirements of the General Data Protection Regulation (GDPR), FourthLine’s Privacy team has grown into the largest specialist data privacy recruitment team in the UK. With 10 consultants solely focused on helping businesses make permanent and interim data privacy and information security hires across the Financial Services, Technology, Retail, Media and Publishing sectors, we consider what is driving hiring demand this year and what the rest of the year will have in store.

What skills are in demand this year?

With so much attention and resources being geared towards GDPR compliance, it’s unsurprising to find that demonstrable GDPR project experience is high up on the list of attributes that employers are looking for. There is a desire to see candidates who have led or contributed to the delivery of successful GDPR projects, from initiation through to closure with quality work delivered within the agreed timescale.

Specific operational skills are going to be in high demand, with employers requiring expert talent who can look at policies and procedures, ensure they are up to date and then put them into practice across their business. The ability to produce quality risk assessments and Privacy Impact Assessments, or answer Subject Access Requests effectively and efficiently, are all going to be sought after skills.

Experts with strong stakeholder management and relationship skills are also going to be in high demand this year. Where previously roles may have been focused around getting programs up and running with some stakeholder investment, there is now going to be a shift towards embedding data privacy practices within the culture of a company and educating staff cross the wider company. As we discussed in How to select and interview a DPO, DPOs who can relate and engage constructively across a business will be highly desirable for employers.

Of course, not all data experts will necessarily have the strongest interpersonal skills, so there may be opportunities to provide content and guidance to professional trainers who can then come into an organisation and deliver the required training.

What types of experts will be in hire demand?

GDPR has led to an increased demand for Project/Program Managers and Business Analysts, usually brought in on contracts to deliver GDPR compliance within an organisation. We expect to see these types of experts still in demand as organisations continue to get themselves compliant, but with GDPR now here we should see organisations looking for permanent GDPR SMEs as companies think long-term about continued GDPR compliance and the embedding of data privacy practices at the heart of their outlook.

Specifically, we expect SMEs with demonstrable data privacy experience, such as DPOs, Data Protection Consultants and Managers, and lawyers, to be in particularly high demand. As the supply of DPOs will be unable to meet such high demand, it’s possible that experts who were previously in interim roles could look to become DPOs in order to fill any gaps.

We also anticipate a demand for data privacy trainers, who can either work in-house or come into a business and train staff on all matters of data protection. This could be an excellent career move for those currently working in interim roles who are coming towards the end of their contracts.

What is driving change within the privacy sector?

It goes without saying that GDPR is the biggest driver of change within the privacy sector, and this is expected to continue for at least the next 6 months as organisations continue to get themselves into a position of on-going compliance.

The Data Protection Bill and the new ePrivacy Regulation can also be viewed as drivers of change, with the latter now expected to arrive next year and worthy of attention. The Senior Managers and Certification Regime (SMCR) also needs to be considered, as it will hold senior managers to account for their organisation’s use of data.

How is data privacy recruitment changing this year?

The biggest shift we expect to see in the privacy sector this year is an increase in the demand for permanent rather than interim professionals, especially towards the later stages of the year. Contract employment was in high demand due to the pressure to deliver GDPR projects, but with contracts coming to an end as work is completed companies will now be looking more long-term in their privacy goals.

We expect to see companies looking for full time DPO roles, as they consider ways to embed privacy into the heart of their business and develop an ethical culture of data processing. Indeed, any new product or project will be approached with data protection a consideration from the very start. Processes and procedures that were set up as part of GDPR programs will need to be continually reviewed and updated as businesses evolve.

What are FourthLine’s predictions for the rest of 2018?

At FourthLine we expect to continue assisting companies with the recruitment requirements of their GDPR projects across the remainder of 2018, but as mentioned above there should be a shift towards an increase in permanent roles later in the year. It’s probably fair to say that a lot will depend on what sort of penalties are handed out by the ICO to non-complying organisations.

With companies trying to save money and a lack of experienced data professionals in the market, we should see organisations consider training up compliance juniors into DPO roles within their current company, potentially asking contractors to deliver training before their contracts finish. Alternatively, there me some lenience in skill set requirements, as there simply isn’t the supply of experienced DPOs to meet the current demand.

We also expect to see data privacy experts moving from the public sector to roles within either the financial or wider private sector, and also foresee an increase in new data protection auditor roles.

Finally, with the expected switch of contractors into permanent positions there could be a clash between candidate’s salary expectations and the reality of what companies are prepared to pay. Accustomed to high day rates, contractors may need to realign their expectations as they move to full time employment, but we may see salaries increase across the board as a result.

If you’d like to find out more about any of the above points or discuss your data privacy recruitment requirements, get in touch with our Privacy team on 0203 800 1558.



£ k