As the EU’s largest trading partner, the US will need the most DPOs.
A new study has revealed that about 75,000 new data-protection officers (DPO) are required under a European Union regulation due to come into force from May 2018.
The International Association of Privacy Professionals (IAPP) had estimated earlier this year that around 28,000 such professionals would be required in Europe and the US alone, once the General Data Protection Regulation (GDPR) takes effect.
Based on calculations of the number of companies likely to require a DPO, it now expects that as many as 75,000 positions, including about 11,790 in the European Union, will be needed globally in response to the new law.
IAPP estimates that 9,000 US companies should have a DPO to comply with the GDPR mandate.
As the EU’s biggest trading partner, the US will need the most DPOs, followed by China with 7,568 positions.
Switzerland, Russia, and Turkey are required to have 3,682, 3,068 and 2,045 DPO positions respectively.
A separate GDPR study by the IAPP and TRUSTe has revealed that nine in 10 companies have actively started to address the regulation, including 43% who have a plan in place and 49% who have started implementing their GDPR compliance plan.
About 67% of EU companies said that their implementation is underway or completed, compared to 42% for the US.
43% of companies report they already carry out data inventory and mapping projects, and another 30% are planning to do so in the next 12 months. 71% of organisations are currently undertaking data privacy impact assessments.
IAPP president and CEO J. Trevor Hughes said: “Clearly, IAPP members are taking the GDPR’s DPO requirement seriously, with many of them well on their way toward creating a GDPR compliance programme.
“As the research shows, privacy program leaders are resourceful, but increasingly pressed for time and resources.
“The IAPP’s training and in-depth educational materials, alongside tools developed by technology providers like TRUSTe, will be vital for helping organizations be ready for the GDPR in May of 2018.”