Thanks to GDPR, the data protection officer is a new key role at publishers
To prepare for the coming General Data Protection Regulation, publishers have a new important role: data protection officers.
The Information Commissioner’s Office advised companies to hire DPOs last year, but unlike in Germany, where DPOs are now common at publishers, the U.K. has been far slower to embrace the role. News UK, which owns The Times and The Sun newspapers, was among the first to appoint a data protection officer. Haymarket has appointed one, and magazine publisher Future is planning to appoint one. Others have working groups comprised of staff across different parts of the business working on compliance. Ad tech companies and agencies are also bringing on data protection czars.
The DPO role comes with challenges. The ICO insists the DPO isn’t to be held accountable if decisions they make aren’t good for business.
“It’s the new important role at publishers, but it’s a strange role that’s virtually un-sackable,” said Paul Lomax, an independent publishing consultant and recently the chief technology officer at magazine group Dennis. “You can’t give them guidance on or take issue with how they approach it [GDPR compliance]. Basically you can’t fire them.”
Some publishers are simply choosing to expand current roles, such as privacy officers and heads of data. But with GDPR, the DPO cannot have any conflict of interest with other responsibilities across the business. So if it wasn’t a dedicated role before, it will have to be now, according to Lomax. In some cases, that may lead to some hasty job title changes, rather than investing in an unknown new hire.
Given GDPR is uncharted territory, real expertise and experience is thin on the ground. And with any role shortage, particularly in an area that requires senior, specialist skill sets, salaries are high. Industry sources have said DPO roles tend to be in the six-figure range.
In short, hiring a DPO is fraught with challenges. Whether or not a company must appoint one comes down to size and the extent to which they use data. Companies that have to renegotiate thousands of contracts with tech suppliers in order to ensure they’re compliant will likely already have a DPO or have plans to hire one. But for smaller businesses, outsourcing to external DPOs will be a more popular option.
Companies like Skimlinks, which provides affiliate link services to publishers, will likely outsource to a DPO in the spring, after the company has done the heavy lifting on its data mapping and other internal processes. The DPO will then just be tasked with auditing and validating all that’s happened, meaning the business can control and retain the expertise on how to comply with the law and then approaches an external DPO to rubber stamp its compliance as an unbiased partner. “That way it’s [GDPR knowledge] not all locked up in the mind of a DPO,” said Skimlinks co-founder Joe Stepniewski.
More in Media
Walmart rolls out a self-serve, supplier-driven insights connector
The retail giant paired its insights unit Luminate with Walmart Connect to help suppliers optimize for customer consumption, just in time for the holidays, explained the company’s CRO Seth Dallaire.
Research Briefing: BuzzFeed pivots business to AI media and tech as publishers increase use of AI
In this week’s Digiday+ Research Briefing, we examine BuzzFeed’s plans to pivot the business to an AI-driven tech and media company, how marketers’ use of X and ad spending has dropped dramatically, and how agency executives are fed up with Meta’s ad platform bugs and overcharges, as seen in recent data from Digiday+ Research.
Media Briefing: Q1 is done and publishers’ ad revenue is doing ‘fine’
Despite the hope that 2024 would be a turning point for publishers’ advertising businesses, the first quarter of the year proved to be a mixed bag, according to three publishers.