Hiring rush for data protection officers ahead of GDPR deadline

Organisations are rushing to hire data protection officers ahead of the impending GDPR deadline, new analysis has shown.

GDPR will be enforced in the UK on 25 May, along with all other countries in the European Union. The new legislation will mean that the presence of a data protection officer will be mandatory in all companies that meet select criteria, including public authorities, or those that carry out large scale systemic monitoring of individuals.

With this in mind, job search engine Joblift has analysed whether the uptake of a Data Protection Officer has been a gradual process since the GDPR announcement in April 2016, and what requirements employees are demanding in the role.


Vacancies increase

The study shows that a huge proportion of companies hire a data protection officer from outside appear to have left the recruiting process until the last few months (this analysis does not account for companies that have opted to promote internal employees). According to Joblift, 3,911 data protection vacancies have been advertised in the last 12 months. These positions have seen a huge average monthly increase of 11% (compared to a 3% monthly increase in the whole UK job market, on average).

Interestingly, a quarter (1,011) of these vacancies have been posted since the beginning of 2018, with January alone seeing 12% of vacancies posted. This could suggest a hiring rush as the GDPR enforcement date creeps closer. Despite huge demand for qualified data protection staff, these vacancies follow the UK’s entire job market in terms of time spent online, staying active for 31 days on average.


Public sector demand

With 1,945 vacancies issued here, London has been home to 50% of all data protection vacancies issued in the last 12 months. As expected, Manchester follows, hosting 4% of vacancies and Birmingham follows closely with 3%.

In terms of employers, consultancies, law firms and government departments rank highest, with PwC, Addleshaw Goddard and HM Land Registry topping the list – understandable given the nature of the data these companies handle.

Furthermore, 385 vacancies have been advertised by councils and local governments in the last 12 months.

Additionally, experience appears more important than education; 33% of all vacancies require candidates to have at least five years of experience in IT security and data, while just 14% ask directly for candidates to hold a university degree, and just 8% ask for IAPP, CIPP, or CIPM qualified candidates.



Looking at the direct effect of GDPR gives an interesting insight into how companies are preparing for the new legislation. 62% of the 3,911 Data Protection vacancies mentioned GDPR in their job advertisements.

However, data protection officers are not the only positions being hired for in preparation for the new legal changes. Knowledge of what the GDPR will mean has been requested in 25,223 vacancies in the UK in the last 12 months, with advertisements requesting business analysts, project leaders and IT managers.

Positions requesting knowledge of GDPR have seen an average monthly increase of 23%, almost eight times more than the UK job market’s increase as a whole.

Related reading