Some Corporates had already recognized the need for hiring a Data Privacy Officer to protect data. The recently introduced GDPR calls for the mandatory appointment of a Data Privacy Officer at every organization that processes or gathers personal data for EU citizens. This mandate is now to be implemented global companies regardless of the geographical barrier. Before GDPR came into effect, there were only a few thousand DataPrivacy Officers worldwide back in 2018. By 2019, it was estimated that globally already half a million organizations were relying upon the expertise of a privacy officer.

“In India, Section 43 (A) of the new IT Amendment Act 2008 clearly states that a corporate body has to protect sensitive personal data. The post of Chief Privacy Officer was created to address the complex privacy requirements of clients and also to spread awareness about the need for privacy. In most organizations, the CPO's role is driven by regulatory requirements. But as India does not have any privacy law, the momentum is yet slow,” reveals Mini Gupta, Partner at Cyber Security, EY India.

The Indian Personal Data Protection Bill, which was introduced in 2019, is currently pending consideration due to Covid-19 related delays, and has similarities with the GDPR. There will be thousands of new requirements for Data PrivacyOfficers once the Indian Personal Data Protection Bill comes into effect.

“Indian companies that have to comply with GDPR, and other country-specific regulations also have started appointing their privacy/data protection officers. In most cases in India, we have seen existing leaders from functions such as Legal, Security, Risk, Compliance being provided data privacy officer positions,”Mini Gupta further added.

“However, with an increase in privacy regulations and this role requiring knowledge of the law, technology, and compliance along with an understanding of the organization’s businesses, organizations are now looking at this as a dedicated role. Large organizations with millions of data records for processing in India are currently also hiring C-suite executives / Chief Privacy Officers for data privacy and protection,” she emphasized.

Here are the latest hiring trends

According to Gaurav Chattur, the Managing Director of APAC – a tech-based multinational company specialized in data-driven recruitment services of senior executives, CIOs are now restructuring entire teams and prioritizing professionals in data privacy.

“The B2C segment has been very aggressive in hiring professionals with data privacy, compliance, and data protection skill sets. In recent times, we have seen companies demanding senior executives in the role of Chief Data Privacy and Compliance Officer -- the role which is different yet aligned to the role of a CIO and CISO. From career stability and salary point of view, these roles are very rewarding and definitely here to stay. The higher the risk involved, the higher the remuneration will be,” Chattur pointed out.

According to the recent data reported by Glassdoor, multinationals like IBM, TCS, among many others are willing to ditch out as much as Rs 20 Lacs per annum salary packages to lure out the best Data Privacy professionals out there.

Additionally, Aditya Narayan Mishra Director and CEO of CIEL HR Services has observed a rising trend. IT professionals are being relieved of traditional tech roles, and getting placed in the data privacy and compliance departments.

“IT Infrastructure specialists have been upgrading their knowledge by undertaking specialized courses and improving their skills to stay relevant in the current era. Amid this pandemic, companies kept on exploring candidates with specialization in privacy laws, compliance, regulations, and data protection techniques. Such companies are also ready to go beyond the budget to hire talent in data privacy,” Aditya Narayan Mishra further revealed.

“In some companies, CIOs are also expanding their own team by adding professionals under their CISO for compliance and privacy matters. Going forward, we will see a large part of the CIO's role to be of information security and privacy. However, we may not have a board-level role for Information Security and Data Privacy in the next 2-3 years,” Mishra added.