Europe will need an estimated 28,000 privacy specialists under the newly-minted EU data protection regulation, according to industry group International Association of Privacy Professionals (IAPP.)
The European Parliament approved the new privacy rules only last week after gruelling four-year negotiations. While the regulation sharpens safeguards on consumers’ personal data, lawyers and privacy experts are set to benefit from the rules once they go into effect in 2018.
IAPP, an international association representing privacy workers, says specialists in the area are going to cash in as a result of the EU rules.
Companies and public authorities that process or handle sensitive personal data will be required to hire in-house privacy officers under the regulation. Those officers don’t have to be lawyers, but need to prove they are knowledgeable about the new privacy rules.
IAPP estimates that private companies will need to hire an additional 24,000 specialists, while government offices around the EU will need to beef up their staff by adding an estimated total of 4,000 legal counsellors working on privacy.
Trevor Hughes, IAPP’s CEO, called the figures an “incredibly conservative” estimate.
Hughes said a significant portion of those jobs may be filled by companies requiring current employees to take additional training on the data protection regulation.
The average salary for privacy workers in the EU was around €79,000 in 2015, according to the group’s statistics.
But the newly in-demand specialists are still paid significantly less than their counterparts in the United States, where the average salary was $126,992 last year, or around €112,000.
Data protection officers are around the same age, 43-44, in both the US and the EU.
Privacy specialists working in banking were the best paid, while the public sector paid the worst.
Hughes said government offices looking to hire data protection officers struggle to compete with those employers who have deeper pockets.
“That’s a very tough thing. You have to be find someone who is not only an expert but really passionate about public service to fill these jobs,” Hughes said.
But Hughes said he’s “fairly confident we’ll see an upward surge in salaries” in Europe too.
Privacy officers in US-based companies often earn more because they’re more likely to hold executive-level jobs.
In Europe, similar jobs are focused on complying with EU law but often don’t go beyond that, according to Hughes.
As tough as it is to fill jobs for data protection specialists, it could be worse in some other technical fields.
“We are going to see enormous marketplace pressures on data protection professionals. I think the one profession that outmatches what is to come for data protection is cybersecurity and information security,” Hughes said.
euractiv.com previously reported on the EU cybersecurity agency ENISA’s struggles to recruit staff with technical knowledge. Part of the problem is that private companies, especially banks, offer much higher salaries than government offices.
Udo Helmbrecht, director of ENISA, said it’s hard to pinpoint how many cybersecurity jobs are currently open in Europe.
But he said there are clearly “not enough educated and skilled people in Europe right now”.
Within the last five or six years, many universities in Europe made cybersecurity courses a mandatory part of computer science degree programmes, which Helmbrecht described as progress towards filling the sector’s job gap.
But it will still take several years until that translates into a larger cybersecurity workforce.
“If these people are 20 years old now, it takes time for them to study, get experience and start working in a company somewhere,” Helmbrecht said.
He said there are generally more skilled workers from EU countries with longer established tech industries, like Finland, Germany, the UK, France, Estonia and the Netherlands.
“They’re historically more advanced,” Helmbrecht said.
Because companies in a broad range of sectors will have to comply with the new data protection rules if they handle personal data, there could be a hiring spree across the EU.
Hughes said London, Dublin, Amsterdam and Brussels would stand out as major spots where companies will hire data protection specialists because of the financial and tech industries and also because of government offices in the EU capital.
“But also in Berlin and Paris, Frankfurt. In all the major financial centres you’ll see concentrations,” Hughes said.