Privacy Challenges – Part 4: Lack of privacy professionals

Oct 4, 2016

We have made the promise to help our clients understand their privacy challenges and enable them to tackle them in a way that meets both their business requirements and regulatory requirements. Some time ago, one of our clients posed a central question: “What are key privacy challenges that organizations currently face in your opinion?” So, we decided to create a series of blog posts describing five key privacy challenges that touch organizations regardless of their industry.

The challenges, as we have named them, are:

  1. Data is the new oil
  2. Changing regulation
  3. Lack of tools and best practices
  4. Lack of professionals
  5. Implementing privacy throughout the organization

Lack of privacy professionals

Privacy and data protection are one of the fastest growing and changing subject areas of this decade. Public concern for individual’s right to privacy and evolving regulation have increased the demand for privacy professionals significantly within a relatively short time. However, experts are not made overnight and the shortage is only likely to increase as the GDPR enters into force in 2018.

Lack of trained privacy personnel is a serious concern for companies. According to EY’s Global Information Security survey (2015), 40% of respondents find as their the top concern that there are not enough people in their organization to support the organization’s privacy program.

Key issue is the novelty of the industry. Achieving the expertise required from a privacy professional takes about five years and as data protection as an industry is only now starting to emerge, there are only a handful of experts with practical experience. The novelty of the position is further reflected in privacy officer’s duties. Most privacy officers still deal with data protection only as a part of their job.

Another challenge is the changing role of privacy professionals in organizations. Privacy is transforming from a legal compliance issue towards a complex engineering and business challenge. Companies seek professionals that understand the legal, technical and economical concerns that underlie high quality privacy management.

When the availability of experts is scarce, many are searching for alternative solutions such as using external privacy leads. However, the central problem remains as there isn’t actually an abundance of experienced privacy lawyers or consultants to outsource your privacy management activities to.

So far privacy management has been the work of highly specialized individuals. However, we expect this to change as privacy management activities become more mundane. For example, Privacy Impact Assessments (PIAs) have traditionally been done manually by specialized consultants. With the requirement of General Data Protection Regulation to conduct an impact assessment for every high-risk activity, companies need to find an efficient solution to carry out regular assessments and follow their progress. Such a solution can include advanced privacy management software and a specialized service team that help organizations to implement privacy into their operations from the start.