With the introduction of stringent data protection laws in many countries, companies across the world are focusing on taking steps to embed privacy as part of the organisation’s strategy. General Data Protection Regulations are forcing the companies across the world to take actions to protect the data of their users. GDPR imbibed the realization that a data privacy management framework is critical for the reputation of the company / brand and can also directly impact the bottom-line in a positive way.
From an operational point of view, the reality is that many companies are still grappling with how to ensure compliance with the GDPR within existing framework. Clearly, it is an uphill task for most. It is not surprising that a new trend we are seeing is the moving of privacy out of the purview of the legal and the Information Security teams, and creating a new role of the privacy professional. Indeed, privacy and data protection management is already becoming a new profession in its own right.
Usually, individuals best suited for this role have a background in IT security, good knowledge of the business lines, and who have become legally trained in the data protection legislation that applies to the organisation’s theatre of operations.