Tony Anscombe, Chief Security Evangelist, ESET

December 16, 2019

1 Min Read

Question: I need to hire a data protection officer. What should I be looking for in a potential hire?

Tony Anscombe, global security evangelist and industry partnerships ambassador, Eset: The EU's General Data Protection Regulation (GDPR) requires companies to appoint a data protection officer (DPO). While not a requirement by all legislation, having a person responsible for data protection in an organization does bring ownership and authority to this important task.

What skills should you look for when recruiting a DPO? First, the person must understand the relevant legislation and what constitutes personal information so they can identify where data is being held and ask the crucial questions of why it was collected and whether it still required.

Record-keeping (of audits, risk assessments, data access, monitoring, etc.) requires pragmatism – a key trait in a DPO. Yet this person must strike a balance between a pragmatic approach and also holding authority within the business, as the DPO role is also customer-facing. When consumers request copies or deletion of their data, the right processes need to be in place to deliver or delete as necessary.

Adding to these essential skills is the ability to educate employees on the correct methods for data processing and to educate the business on the reasons to comply. Last, an understanding is necessary of what technology is needed or available to protect the data.

In summary, look for a DPO who is a strong communicator and an independent worker, with legal knowledge and technical background, who can carry credibility and authority within the business.


About the Author(s)

Tony Anscombe

Chief Security Evangelist, ESET

With over 20 years of security industry experience, Tony Anscombe is an established author, blogger and speaker on the current threat landscape, security technologies and products, data protection, privacy and trust and internet safety. His speaking portfolio includes industry conferences RSA, Black Hat, VB, CTIA, MEF, Gartner Risk and Security Summit and the Child Internet Safety Summit. He is regularly quoted in security, technology, and business media, including BBC, the Guardian, the New York Times and USA Today, with broadcast appearances on Bloomberg, BBC, CTV, KRON, and CBS.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights