DPO: 100,000 New High-Paying Jobs The Global Data Privacy Officer Career Boom Hits The Philippines

“About 80,000 DPOs are needed in France, with only roughly 18,000 in place today, estimates the CNIL, the national data protection regulator. Yet only about 500 professionals with the necessary skills are being turned out per year, according to the AFCDP (French Association of Data Protection Correspondents).
Experienced DPOs are in especially high demand and can command salaries of 80,000 to 100,000 euros [P4mil-P5mil] at big companies…starting salaries for new graduates of DPO programs hover around 40,000 euros.”

-IAPP, International Association of Privacy Professionals, Inc. [US]
The IAPP is the largest and most-comprehensive global information privacy community and resource. Founded in 2000, the IAPP is a not-for-profit organization that helps define, support and improve the privacy profession globally.

24 JAN 2019, Pasay City, Philippines

The newly launched [Philippines] National Privacy Commission, led by [PH] Privacy Commissioner and Chairman Raymund E. Liboro with Deputies Atty. Ivy D. Patdu and Atty. Leandro Angelo Y. Aguirre, trail-blazes the data privacy industry in Asia with the debut of its new DPO ACE Program and the subsequent certification and accreditation of select attendees.

Though the actual number of invited lawyers, executives and professionals from top companies and organizations in the Philippines is not publicly available, The American Press Service does know that just under 40 people were finally accredited by the Philippines National Data Privacy Commission from this first-batch national kick-off.

With an estimated 100,000 Data Protection Officers needed globally, many of them in the Philippines to work with the medical, BPO, call center, hotel, resort, tech and online industries, it may be the largest executive-level education and employment surge in the last 50 years, since the Philippines’ global nursing bubble (ignited by the Western Baby Boom) burst.

By now, most organizations around the world know the data privacy issues and how they affect their companies. For example, most companies with over 2,000 employees are affected, as are others that collect massive amounts of data, such as hotels and resorts; companies doing global business; third-party organizations, such as BPOs and call centers; and all financial and medical institutions.

Others, though they may not even be based in the European Union (EU), may also have needed to be in compliance with the new EU General Data Protection Regulation (GDPR) by 25 MAY 2018. Undoubtedly triggered by the recent election hacks in the United States and Europe by Russia, and by rampant data breaches throughout the two world powers by outside hackers, influencers and terrorists, the GDPR is said to be the largest piece of data protection legislation (or laws) ever passed in the history of the EU.

The overall objective of these laws and regulations is to ensure the rights: privacy, identity and safety of an individual (data subject). Most other countries are using the EU Data Protection Model as their peg, since the EU and The United States of America are the largest trade markets on earth.

One of the most significant requirements in the new regulation is the development and mandatory appointment of the Data Protection Officer, or DPO. As depicted on sample charts, the DPO is on the officer level, just like the CIO, CFO or CEO, but acts independently from the company or organization that employs or retains him/her. The DPO is accountable to the Lead (Data Protection) Authority; in the Philippines and Ireland, for example, that is the Data Protection Commissioner.

The DPO position can be appointed by the company to a member of staff, usually a top or lead executive, or it may be outsourced to a third-party consultancy or law firm.

“In Singapore and the Philippines, it is mandatory by law to hire a data protection officer,” said Straits Interactive Founder and CEO Kevin Shepherdson, CIPP/A, CIPP/E, CIPM, CIPT, FIP. “There are very few skilled data protection officers in the market. In our part of the world, Southeast Asia is going to be one of the hottest jurisdictions for data protection law given that almost the entire region is new to data protection.”

Companies and professionals are incentivized to level up to this new innovation. For example, in Singapore, the government may (depending on criteria) fund up to 90% of the new DPO’s monthly salary, or SG$6,000 a month, for 6 months. In the Philippines, select companies chosen to be in the program may subsidize the cost of education, certification and accreditation, including sending DPOs abroad for additional training.

“It’s a new era…just like accountancy, legal and even information officers are a key part of a company’s success plan and officer-level make-up, now, ‘data’ has risen in awareness. In this new Information Age, the inherent necessity to protect data acquired, as well as, bringing to the forefront the inherent value of data is now paramount. People, known now as ‘data subjects’ no longer blindly give up information, they’re becoming increasingly aware of their data privacy rights and will soon patronize companies –and websites- which do the same. Thus, companies who misuse, sell, or handle data irresponsibly are subject to huge global penalties.” -Joel Tiongson, Accredited Philippines DPO [Philippines]

Companies around the world are realizing the inherent value of the ‘data subjects’ from whom they willingly, unwillingly and/or unknowingly collect personal data.

The information giant Google, which is in America, lost a case in France regarding ‘alleged violations’ of the EU General Data Protection Regulation. Google was subsequently fined $57 million (that’s millions), but will appeal to the Council of State, the top administrative court in France, much like America’s Supreme Court.

“We’ve worked hard to create a GDPR consent process for personalized ads that is as transparent and straightforward as possible, based on regulatory guidance and user experience testing. We’re also concerned about the impact of this ruling on publishers, original content creators and tech companies in Europe and beyond. For all these reasons, we’ve now decided to appeal,” -Google

Similarly, Yahoo –with their stakeholders- reached a $29 million settlement, settling allegations that they had breached their duties, in reference to properly handling information compromised in several data breaches between 2013 and 2016.

In Portugal, the GDPR issued a 400,000-euro fine to a local hospital, Centro Hospitalar Barreiro Montijo, its first fine there since the legislation was enacted. Oddly, the hospital’s defense was partly that the CNPD did not have the authority to punish and fine them. Apparently, the CNPD decided to make them the first example. The hospital could have been fined up to 30 million euros.

Some insights from the case that every business should pay attention to:

• Mainly, there were no rules, and private and personal data was widely accessible to anyone,
• there were no protocols or ‘defining rules’ for creating users,
• nine technical (or lower-level) employees had access that was too high, and may have seen information which should not have been available to them,
• access to ‘need to know’ information was available to all doctors regardless of specialty,
• hundreds of ‘doctors’ data (past and present) were still in the system, and
• lastly, the case proved that the hospital knew it was in violation of the laws, and voluntarily and consciously continued.

As the world scampers to develop this new executive-level profession and the massive industry around it, there is a huge void in the number of DPO professionals globally. At minimum, companies should consult with a DPO and/or a business development or law firm to assess their needs.

“Simple things, such as memorandums, protocols, changes to employment applications, disclosure memos on websites and non-disclosure agreements with staff/team members are the first steps. Other simple innovations are the inclusion of routine paper shredding of documents, central departmental data oversight, and the immediate cease and desist of sharing, transferring and selling of acquired data. Such as, a hospital or hospital employee, selling medical records to drug companies, or an on-line selling company with under-protected servers storing buyer credit cards and home addresses. Adopting the ‘need to know’ and ‘data value mind-set’ are also great for companies to imbed in their current company culture.” -KA&CO America, International Business Development Group []

Learn more about opportunities in the data privacy industry, compliance and make a complaint by visiting:
