This post was originally published here by (ISC)² Management.
The sweeping new privacy law that went into effect in the European Union in May has significantly boosted demand for data protection expertise, according to job postings site Indeed. A report from the popular recruitment site found that job openings for data protection officers (DPO) have skyrocketed 829 percent since 2016 as organizations took steps to comply with the General Data Protection Regulation (GDPR).
The need for the expertise is about to get even greater, thanks to a newly approved data privacy law in California, the world’s fifth largest economy. The new law was rushed through the state’s legislation to preempt a more stringent privacy regulation that was headed for the ballot in November. It takes effect in January 2020.
The California law is less expansive than GPDR, but it will still have a profound effect on how personal data is handled. It gives consumers the right to know what data companies collect about them, why, and with whom they share it. Consumers will have the right to correct the information and ask companies to delete it, not share it or sell it.
GDPR affects entities that handle personal data such as email, IP and street addresses. Organizations must have a lawful basis for processing and storing the data, with the consent of the data subjects, and only for as long as necessary. Violators risk fines of up to €20 million.
Creating Demand
By some estimates, GDPR has created some 75,000 job openings globally in the cybersecurity and data protection space. Among the law’s many requirements, it tells organizations they must retain a DPO if they regularly engage in “systematic monitoring” of personal data on a large scale. This requirement has been subject to criticism for being too open to interpretation, but the reality is, plenty of employers need to comply; hence the big boost in job postings.
How the California law compares in creating demand for expertise remains to be seen. Organizations have about a year and a half before the law goes into effect to assess what steps to take to achieve compliance, including whether they will need to create new positions and hire experts to fill them.
Of course recruiting experts will be far from an easy task considering the persistent skills shortage in cybersecurity. As with the EU’s regulation, complying with the law will require changing and updating existing business processes and introducing new ones, all of which will necessitate skilled personnel.
Mirror Effect
One of the most common complaints about GDPR is that it imposes new costs on companies to achieve compliance. And that goes not just for European companies but also entities from the U.S. and other countries that operate in the EU and handle the personal data of its residents.
The California law is bound to have a similar impact, forcing organizations that are not based in the state to achieve compliance if they handle private data of California residents. While organizations may view it as a burden, it’s another opportunity for cybersecurity professionals and jobseekers. A job market that already offers abundant opportunities is about to get even bigger.