Since May 2018 organisations have needed to comply with GDPR regulations. And with GDPR compliance generally being viewed as the IT department’s responsibility due to the technical nature of data protection, how is this going to affect IT recruitment and the skills that personnel are now required to have?
At its core GDPR is about you protecting the personal data you keep on any individual within the European Union and the European Economic Area. It also covers the export of this data to outside of the EU and EEA. It’s a big job, but do your current employees have the knowledge to ensure your business doesn’t fall foul of a data breach?
For larger businesses that’s where a Data Protection Officer (DPO) comes in. If you store, or process, large quantities of personal data, or you’re a public organisation, you’re required to hire a DPO to develop and maintain your data protection policies. However, if you’re a small to medium sized enterprise, you probably don’t feel the need (and may not have the budget) to hire one of these so-called ‘security leaders’.
That means the responsibility for ensuring that your company is GDPR compliant may well fall upon a number of different shoulders; across different departments even. The GDPR affects every corner of your business, from marketing to training to human resources. It’s therefore necessary that you have someone who is responsible for overseeing your GDPR compliance and ensuring it’s implemented across your organisation.
The likelihood though, is that ultimately the actual footwork relating to implementing GDPR compliance will fall to your IT manager or department. And that may mean you need to start hiring applicants with softer skill sets for your IT team. Of course you’ll still need them to have the technical experience that’s relevant to their role within your company but there are a number of other competences you should now be asking of your candidates.
Filling Your Internal Skills Gap
These may possibly be skills not traditionally associated with typical candidates within IT recruitment such as good communication: part of their role will be explaining to the rest of the company how data privacy works, what your policies are and what other departments need to do to remain compliant.
Chances are your tech candidates are already of a logical mindset but will they be able to define and write those very data privacy policies that they need to explain and enforce? They’ll also need analytical skills for dealing with GDPR related reports and, as well as the obvious need for them to be well versed in traditional IT tasks, they should also have experience in cyber security. Last but not least do they have a thorough understanding of the GDPR law itself?
When it comes to the crunch, in this post-GDPR era, knowing how to fix the printer and reboot the server is no longer enough: your IT recruits need to be able to maintain your – and your clients, users and employees’ – privacy within the confines of this law.