Plea for the ideal privacy professional

June 28th 2022 / in News / by Nienke Koorn

The labor market is tight, and the privacy field is no exception. Many companies have difficulty attracting the right knowledge and expertise within their Privacy Office. Despite this scarcity in the market, in the search for a Privacy Officer an ideal profile is often sought, in which the candidate brings a completed WO law degree and a good number of years of relevant work experience. Are there, besides education and / or experience, qualities, talents or skills to think of where the ideal privacy professional should meet? In this article I zoom in on what, besides a relevant study, qualities a PO should possess – or be able to develop – in a field that is rapidly digitizing and changing.

The combination of rapidly changing technology, the social construct that is privacy and the legal framework, makes that the PO must be a real jack-of-all-trades. Society, law and technology find each other in the privacy field. The interface of different disciplines requires that as a privacy professional you also need in-depth knowledge of the laws and regulations that apply within your sector, whether that is healthcare or education, public transport or the financial sector. In addition, the privacy field requires that you also simply use your common sense. Often you already have a very good idea of what is allowed and what is not within the framework of privacy legislation, precisely because privacy is also a social construct. How you deal with someone’s personal data in an online context is often not so different from how you would deal with your neighbor or colleague. You don’t peek into someone’s wallet without permission to see if there’s any cash left in it or which bank they have an account with. The fact that you could do this online does not mean that you should.

Of course the AVG offers more tools and obligations than you might think as a layman, and as a privacy professional you need more than your gut feeling. In addition to in-depth knowledge of and interest in the laws and regulations surrounding privacy, as a PO you must be able to manage projects efficiently. Attention to all parties that may be affected by your project is essential. Stakeholders are indispensable and at the same time not easy to manage, especially if you do not (yet) know their activities and goals. Taking an interest in an organization’s core values and understanding its long-term goals is essential to the success of any privacy project. Furthermore, it pays to invest in customized awareness-raising. Forget the standard AVG talk and turn it into a session that is focused on the work of the team you are training. In this way you will discover who your privacy champions are and you will immediately learn more about what the team already does well and perhaps would do better not to do, especially if you take plenty of time for questions.

From experience I know that an affinity with tech is now just as important as the other qualities I mentioned; the excellent management of your stakeholders and practiced project management. The digitalization of society and the desire of practically every company to work in a data-driven way means that without an understanding of IT systems, you won’t get very far. The art of making rapidly changing technology my own has often made the difference for me. It comes in handy when assessing privacy risks while writing DPIAs and helps you gain and maintain visibility into developments that may create challenges or risks in the future.

In summary, your ideal PO is someone who dares to ask questions and does not spend entire working days behind his desk. A jack-of-all-trades who quickly connects with a team and organization, with an affinity for IT. Who understands how project management and identifying the interests of all those different parties involved in privacy meet. Sometimes this can be captured in a completed study or in a relevant certificate. However, it pays to look beyond the standard requirements and perhaps develop your own assessment to test your candidates. What is specifically needed for your organization in a PO? How does your company or organization differentiate itself from others and what do you look for in your employee to appreciate and cherish that unique characteristic? If you can make a clear wish list with considerations and find the right person to go with it, you can be sure that your new PO will be an asset to the entire organization.

Are you looking to fill your privacy office, or could you use some tips? Lex Digitalis offers help with both recruitment and custom consultancy, and can help your company or organization find the perfect match. Please contact us via or call Nelleke (06 55807795) or Elly (06 24897798) for more information.