How to Begin a Career in Privacy

This is a guest article by Nathan Fowler, Commercial Director for Freevacy Ltd.

With so much of our lives moving online, information relating to an identifiable person is fast becoming one of the most valuable commodities. With each new technological innovation, the opportunities to collect, process, and transfer personal information continue to grow, along with the risks.

In response, governments around the world are introducing privacy legislation, giving consumers stronger protections and holding organisations' processing personal information to account. In this regard, Europe leads the way with the EU General Data Protection Regulation (GDPR), which came into effect on 25 May 2018, and is often used as a blueprint for other countries to draw inspiration. More recently, on 31 December 2020, the UK enacted its own version of the GDPR following its departure from the EU. At a broader level, the latest statistics from the United Nations reveal 137 out of 194 countries have put privacy legislation in place, with others preparing draft legislation at this very moment.

Against the backdrop of a world where cross-border data flows play an essential role in our digitalised economy, organisations must act to ensure they comply with data protection laws and regulations within the jurisdictions they operate. As a result, privacy management has become an integral part of the overall data governance strategy, impacting almost every aspect of business operations.

There are many benefits and opportunities to pursuing a career in privacy. In this article, we take a look at some of the main advantages and offer tips on how to begin or advance a career in privacy.

Why seek a career in privacy?

1. There is a severe skills shortage

All organisations have to protect the personal information of their employees, customers or service users. Due to privacy management being a relatively new career path, there is a global shortage of experienced professionals. In 2016, the International Association of Privacy Professionals (IAPP) predicted there would be a requirement for 75,000 data protection officers (DPOs) to manage personal data belonging to EU citizens and comply with the GDPR. By 2019, the IAPP reported that 500,000 organisations had appointed a DPO in Europe alone.

Furthermore, at the time of writing, there are 16,771 vacant UK positions on LinkedIn with data protection in the description and 19,205 that mention data privacy. Broadening the search to cover the European Union and the US adds another 99,495 job listings, significantly increasing the number of vacant positions that are proving difficult to fill.

2. Well defined learning pathways

You don't need a law degree to pursue a career in privacy. In fact, not all privacy roles require detailed knowledge of data protection legislation. It helps to have a background in related areas such as governance, risk, and compliance, but other roles such as IT, information security, and project management contain many transferable skills necessary for a successful career in privacy. Even though privacy and data protection fields are evolving quickly, there are still several workplace qualifications to choose from that mean you shouldn't face many barriers limiting your entry.

Whatever your background, you can attain the knowledge and experience you need to become a privacy professional in just a couple of years.

3. Excellent career progression

New and experienced privacy professionals benefit from opportunities to advance careers within companies still establishing their privacy operations. In particular, there is considerable demand for mid-level positions, anyone involved in building, maintaining, or maturing a privacy programme. As you gain more knowledge, experience and qualifications, you'll work your way to more senior positions and start earning higher salaries.

4. High earning potential

Another significant advantage of a career in privacy is the earning potential. As previously discussed, experienced and skilled privacy professionals are short in supply and high in demand. This shortage drives up wages and salaries.

According to Glassdoor, the salary range for Data Protection Officer jobs in the UK is between £26,000 and £83,000 per annum. However, from a global perspective, the 2021 IAPP Privacy Professionals Salary Survey revealed the average pay for senior privacy professionals was $140,529 (£106,745). Chief Privacy Officers were the highest-paid, earning a median annual income of $200,000 (£151,919).

5. An ethical and satisfying career

Overall, job satisfaction is high for privacy professionals. Daily responsibilities are varied and interesting. Privacy is also an ethical career path, given its implications on social justice and preserving a fundamental human right. Consumers are increasingly taking an active interest in how personal information about them is looked after. This trend is set to continue and highlights that privacy management has many more implications than those attributed to legal compliance alone. For privacy professionals, helping organisations protect personal data and make ethical choices while providing transparency and accountability is highly rewarding.

Day-to-day tasks of a privacy professional

One of the more interesting features of a career in privacy is the variety of responsibilities. For example, some of the tasks involved in being a privacy professional include: 

   Implementing privacy strategies and frameworks

   Developing policies, internal guidance and external communications such as privacy notices

   Implementing technical and organisational controls

   Advising different teams and departments on privacy matters

   Analysing Data Protection Impact Assessments (DPIAs) for GDPR compliance

   Undertaking routine and ad-hoc data protection audits for both internal functions and external organisations operating under a processor agreement

   Conducting privacy culture awareness and role-based training

   Maintaining records of processing activities

   Responding to Subject Access Requests (SARs)

   Investigating and responding to data breach incidents

   Monitoring and measuring compliance 

   Reporting to management

Invest in a professional privacy certification 

Once you have decided to enter into a career in privacy, you will require a new set of skills and knowledge. Higher education is a popular pathway. However, as previously discussed, you do not need a law degree to begin a career in privacy. Instead, one of the best ways to become or advance your career as a privacy professional is by attending a certified training course. These workplace qualifications are seen as an industry standard and are awarded in recognition that candidates have met or exceeded a certain level of capability. Typically speaking, there is a learning element and then an exam.

There are several professional certificates to choose from that address different areas of privacy management. Certified training courses range from foundation to more advanced practitioner levels. The majority of privacy programmes cover the regulatory aspects of data protection law. However, in addition, there are also certified programmes focusing on the organisational practices involved in privacy management, while others deal with the techniques and measures used to protect personal data from an IT and technology perspective.

When choosing a professional certification, you should consider both the subject material covered in the programme along with the benefits and the value of the qualification for your career before making your selection. Look for certifications from recognised independent examination providers. The most well-respected professional industry qualifications are developed by organisations that ensure the certification method is separate from the education and training process. They do this to avoid any conflict of interest, which could bring the reputation and integrity of the certificate programme into question.

It is worth noting that an independent development process is required by any organisation seeking to comply with ISO/IEC 17024:2012, the international standard for bodies operating certification of persons.

The benefits of having a separate training provider to the certification body are:

• The examination provider's primary role is to maintain the certification programme's quality, relevance, and robustness. They also oversee the examination process via a separate external methodology. In some cases, they take on a leadership role, further enhancing the certification's credibility and value.

• Specialist training providers provide personalised and dedicated services throughout the learning process, which in most cases involves passing an examination. The leading training providers have access to the best trainers that combine expert subject matter knowledge and experience of working with the particular examination provider.

Individual training providers approach the delivery of training material differently, so you should spend time comparing which providers suit your preferred learning style. These differences can include whether training is taught from a practical or legal perspective. Other variables include the delivery format and the duration of the course. For example, some providers cram course material into a boot camp to get you through an exam. In contrast, others spread the delivery over a more comfortable timeframe to impart knowledge and ensure a deeper understanding of the material.

Regardless of what learning and development path you take, a career in privacy is an opportunity for personal growth within a profession that is only just beginning to reach its potential. With demand for qualified practitioners at an all-time high, there's never been a better time to become a privacy professional.

About the Author: