As the introduction of the General Data Protection Regulation (GDPR) draws ever nearer there is a need for tens of thousands of suitably experienced data protection officers (DPO) to work with businesses and organizations that deal with mass processing of data and monitoring of people.
Although there is no requirement for DPOs to be formally qualified, it is important that they have a significant amount of relevant experience in dealing with data protection issues. This is to help them deal with the complexities of GDPR, and advise businesses accordingly.
The first country to introduce DPO accreditation
In recognition of the need for expert DPOs, Spain is the first country within the EU to introduce formal accreditation for the role. In order to be considered for accreditation, an individual needs to:
- Have experience of working in a data protection role for at least five years, or
- Have experience of working in a data protection role for at least three years and have undergone at least sixty hours of relevant training, or
- Have experience of working in a data protection role for at least two years and have undergone at least one hundred hours of training, or
- To have undergone at least one hundred and eight hours of training.
What DPOs will need to know about?
The training in Spain will involve participants learning not just about GDPR but also about Spanish data protection laws and International data protection laws. The intention is for them to have well-rounded knowledge in the subject.
Spain is the first country to introduce this type of accreditation. It remains to be seem how many other countries will follow suit, before 25 May 2018.