The process to agree to the European Union General Data Protection Regulation was a long and drawn out one, but now that it has been confirmed, businesses can prepare to meet the regulations when they come into force in 2018.
The requirements for meeting the regulatory framework are becoming more apparent as businesses realise what exactly they will have to do in order to avoid breaching them.
One of the requirements will be for organisations with more than 250 employees to hire, appoint, or contract a data protection officer (DPO). According to research by IAPP, a privacy adviser, this requirement will mean that at least 28,000 DPOs in Europe alone.
Article 37 of the GDPR requires controllers and processors of personal information to designate a DPO when either the processing is carried out by a public authority or body, or when the controller’s or processor’s "core activities" require the regular and systematic monitoring of data subjects on a large scale, or consist of processing on a large scale of special categories of data.
So while a single DPO may represent a group of undertakings or multiple public authorities, or bodies, the role is going to be in extremely high demand.
The tech industry has already been widely reported as having a skills gap that has contributed to businesses failure to fully embrace new technologies. It would now appear that in Europe alone there needs to be 28,000 DPOs that must be designated on the basis of professional qualities. In particular they must demonstrate "expert knowledge of data protection law and practices," the regulation says.
Not only will many businesses require a DPO but they will also have to train staff on proper data handling, and coordinating with the supervisory authority, with an ability to understand and balance data processing risks. This will be a huge undertaking that is unavoidable.
Research from Cognizant, a consulting and business process outsourcing company, found that out of 422 executives across Europe, 94% have a gap in digital knowledge among staff that prevents them from remaining relevant in an increasingly digital age.
It was also found that digital strategy, big data, and digital marketing capabilities are the most critical competency gaps that organisations have today. Many identify the skills gap as being due to an insufficient supply of digital talent (50%), salary expectations being higher than affordable (32%) and internal opposition to new digital jobs (49%).
This research stands to highlight the problem that is facing businesses that now need to embrace data protection officers in addition to the other skills. The digital world of business appears to have suddenly crashed into organisations and they are wholly unprepared for it.
Research from CBI and IBM found that 45% of companies in the UK are falling behind in the adoption of digital technologies and processes, leaving the UK ranked fourteenth in the world for company-level adoption of digital technology.
Again, one of the biggest problems cited is a lack of appropriate skills inside their business.
Part of the problem is that half of employers aren’t training or taking on apprentices, despite knowing that it would help to fill their digital skills gap. Training existing staff and new staff through apprenticeships will be vital for organisations to avoid breaching GDPR regulations.
Considering that training and the narrowing of the skills gap will take time, it is imperative that businesses are proactive.
With only 21% of IT professionals in UK medium and large business sure about their compliance with GDPR and 18% admitting that the matter "strikes fear into their hearts," according to a survey by Netskope and YouGov, the likelihood of businesses being hit by fines is looking high.
Netskope EMEA vice-president Eduard Meelhuysen said: "The GDPR will have far-reaching consequences for both cloud-consuming organisations and cloud vendors.
"With the ratification of this piece of legislation imminent, the race is on for IT and security teams who now have two years to comply.
"Although that might sound like a lengthy timeframe to complete preparations, the significant scope of these reforms means that businesses have their work cut out to ensure compliance in time for the EU’s deadline."
Although there are significant challenges that face UK businesses in meeting the requirements of the GDPR, it should at least force businesses to train their staff. In this case regulation could be a significant player behind helping businesses to digitise their business and close the skills gap.
This is of course not a perfect scenario that sees businesses being proactive and training its staff because they would be benefit from it, but it would at least help to solve the problem.
Another area that GDPR regulation could have a trickle down impact on is unemployment levels. The UK’s unemployment levels rose recently by 21,000 to 1.7 million between December 2015 and February 2016, the Office for National Statistics said.
ONS statistician Nick Palmer said: "It’s too soon to be certain, but with unemployment up for the first time since mid-2015 – and employment seeing its slowest rise since that period – it’s possible that recent improvements in the labour market may be easing off."
When looking for a solution there may be no better area to look than the tech sector. With skills in high demand, the sector is in need of more people. Should training be focused on improving digital skills then not only would this help to solve the skills gap, but it would also help to lower unemployment figures.
This is no suggestion that people should be forced to train in this area, but if the training opportunities are presented much more adequately than they are currently then this may be a way to kill two birds with one stone.
