The study, from job search engine Joblift, analysed whether the uptake of a Data Protection Officer has been a gradual process since the GDPR announcement in April 2016, and what requirements employees are demanding in the role.
On the 25th May 2018, the General Data Protection Regulation (GDPR) will be enforced in the United Kingdom, along with all other countries in the European Union.
The new legislation will mean that the presence of a Data Protection Officer will be mandatory in all companies that meet select criteria, including public authorities, or those that carry out large scale systemic monitoring of individuals.
Data protection vacancies have increased by four times the UK average, with 25% of jobs advertised in 2018
The study shows that a huge proportion of companies hiring an external Data Protection Officer appear to have left the recruiting process until the last few months (this analysis does not account for companies that have opted to promote internal employees). According to Joblift, 3,911 Data Protection vacancies have been advertised in the last 12 months. These positions have seen a huge average monthly increase of 11% (compared to a 3% monthly increase in the whole UK job market, on average). Interestingly, a quarter (1,011) of these vacancies have been posted since the beginning of 2018, with January alone seeing 12% of vacancies posted. This could suggest a hiring rush as the GDPR enforcement date creeps closer. Despite huge demand for qualified Data Protection staff, these vacancies follow the UK’s entire job market in terms of time spent online, staying active for 31 days on average.
Half of all positions are based in London and having 5+ years of experience holds more weight than qualifications
With 1,945 vacancies issued here, London has been home to 50% of all Data Protection vacancies issued in the last 12 months. As expected, Manchester follows, hosting 4% of vacancies and Birmingham follows closely with 3%. Barristers were the most popular professionals when it comes to Data Protection employees, with 356 vacancies asking directly for candidates who hold a Law degree. Legal Affairs Policy Assistants were second in demand with 528 vacancies.
Interestingly, these positions only started being advertised in July 2017 with vacancies seeing an average monthly increase of 182% in the last nine months, which can be assumed to be a direct result of upcoming GDPR implementation.
Security Officers rank in third place with 187 vacancies advertised in the last 12 months. In terms of employers; consultancies, law firms and governmental departments rank highest, with PwC, Addleshaw Goddard and HM Land Registry topping the list – understandable given the nature of the data these companies handle.
Furthermore, 385 vacancies have been advertised by councils and local governments in the last 12 months. Additionally, experience appears more important than education; 33% of all vacancies require candidates to have at least five years of experience in IT security and data, while just 14% ask directly for candidates to hold a university degree, and just 8% ask for IAPP, CIPP, or CIPM qualified candidates.
The GDPR effect: other vacancies asking for knowledge of new legislation have increased by a fourth each month
Looking at the direct effect of the GDPR gives an interesting insight into how companies are preparing for the new legislation. 62% of the 3,911 Data Protection vacancies mentioned GDPR in their job advertisements. However, Data Protection Officers are not the only positions being hired for in preparation for the new legal changes. Knowledge of what the GDPR will mean has been requested in 25,223 vacancies in the UK in the last 12 months, with advertisements requesting Business Analysts, Project Leaders and IT Managers. Positions requesting knowledge of GDPR have seen an average monthly increase of 23%, almost eight times more than the UK job market’s increase as a whole.