With the approaching of May 25, 2018, the number of (self-professed) “Certified DPOs” is growing at an astonishing pace.
Many of the companies that fall within the GDPR’s scope must to include in its ranks this role but HR or Legal department are in the completely in the dark when it comes to set forth the criteria to evaluate a candidate’s fitness for the job.
“Certifications” or “Privacy Master Degree” ownership are a few ways the candidates try to lure a company into hiring them.
But truth is: there is no such thing as a “Certified DPO”, and no “Master Degree” or “DPO three-day crash course” will give you a proper knowledge. Sure, by attending such education programmes you may get a glimpse at complex topics, but only a deep study and a lot of practice will give you the possibility to develop the instinct to spot solutions to new problems, or to find the right solutions when the storm of a crisis arrives.
So, a first hint at how to spot the unfitness of a candidate is to check how long he was in this business, at what level of corporate involvement, what tangible achievements has he reached.
Another truth is: a DPO isn’t a Jack of all trades, master of none. In other word, if you have a significant experience in the financial sector, it doesn’t make you any good in the advertising business or scientific research domain.
Then, a second hint is to check what specific, sector-related experience the candidate can prove.
Third suggestion: time doesn’t matter. Beware of those who claim a “more-than-twenty-years-of-experience-in-the-sector”. This statement can only means “I have a one year experience, repeated twenty times”.
Fourth issue: is your candidate adequately skilled in public relation and crisis management?
It is fairly easy to play DPO, bullying all the single departments into “compliance” to your diktat, when everything runs smoothly. But when things go South, the DPO is a key figure in keeping things straight, minding its and company’s mouths, interacting with the supervising authorities involved.
Are you sure that your “Certified DPO” is capable of keeping his nerves, instead of start squeaking around “it’s not my fault!!! I told them, but they won’t listen!!!!”
Forewarned is forearmed.