Hello from London!
Yes, this is the Asia-Pacific Dashboard Digest. I just happen to be traveling in the U.K., and what an interesting few days it has been. While GDPR, naturally, is on everyone’s lips, there has also been much interest in Asia. Many of the folk that I and my IAPP colleagues have met have global roles and they are having to look east as things develop apace in Asia.
I was fortunate to be able to attend EY’s Data Protection event in London to hear from leaders in the privacy field, including Commissioner Liz Denham of the U.K. ICO. My colleague Paul Jordan, IAPP managing director for Europe, will no doubt cover that in his MD notes tomorrow. The session that I found particularly interesting, though, was about diversity. The panel (Vivienne Artz, Citi; Shash Patel, Air Products; and João Torres Barreiro, CIPP/E, HCL Technologies) agreed that data protection or privacy is a very egalitarian field and fairly gender-neutral, although it would be great to encourage younger folk into it! Apart from the generational issue, there was a view that the profession could benefit from attracting more nonlawyers. So, the issue is not so much one of diversity but of attracting the requisite talent in sufficient numbers.
There was consensus that DPOs need to be a hybrid, with technology, legal, compliance, and risk-management skills, and, certainly in the beginning, some program management skills. Given the shortage of suitably skilled people in this field, organizations are struggling to fill roles and would do well to develop the skills internally, perhaps by creating privacy champions (in their existing roles) in various business areas within their organization, with a view to one or two of these progressing to fully fledged DPOs or CPO. When I speak to groups, I always advocate privacy as a career option and encourage people to get certified to differentiate themselves. Anyone with a genuine interest and competency in the field could go far, and perhaps at the same time lower the average age!
Another aspect of diversity is that of geographies and cultures. Organizations are having to think across borders about whom they deal with and whether they hold data to the same standards as their home geography. Multicultural understanding is a definite advantage when considering how we got here. Europe is a great example of how people are much more protective of their personal data than in other cultures.
Finally, flexibility and a risk-based approach were aptitudes that would also be advantageous to a potential DPO. Some regulations are still open to interpretation and your U.S. or Asian offices may have a different view or priority, based on their history, culture and regulatory environment. To quote Joao “it’s all about risk.” As a risk manager myself, I can definitely relate to that.