How to become a data protection officer through PCP?
The data protection laws in many countries require organisations handling personal data to appoint a Data Protection Officer, Singapore included. The Singapore PDPC (Personal Data Protection Commission) states that
"All organisations, including sole proprietors and non-profit organisations, must appoint at least one person as the Data Protection Officer (DPO). The DPO function is management’s responsibility and, ideally, the appointed DPO should be part of the management team, or at least have a direct line to management. The operational DPO functions, however, may be delegated to one or a few employees, or outsourced to a service provider. …"
This is a “new profession”, which arose because of the law enforced in 2014 resulting in an apparent shortage of skilled professionals. Designated DPOs need to manage the data protection programme of the organisation and that requires skill and bandwidth.
Shortage of Talent
In a scan of job recruitment advertisements in Q3 of 2020, DPEX Network found that in just one month there were 245 job advertisements recruiting staff for data protection roles even as business slowed down due to COVID-19. This is 106% increase over last year and seems to be a continuation of a trend for the demand for DPOs.
In another survey conducted amongst DPOs, the shortage of DPOs is indicated by the incidence of poaching. One in five experienced DPOS have been approached to join another organisation because of their data protection skill.
Organisations do not have to resort to poaching talents. There is a pool of potential mid-career professionals with work experience who can be trained to fit into the role.
The PCP Programme in Singapore
The Singapore government initiated the programme to facilitate Professionals, Managers, Executives and Technicians (PMETs), including mid-career switchers, to undergo skills conversion and move into new occupations or sectors that have good prospects and opportunities for progression. It allows for:
SMU's PCP-Data Protection Officer with SSG is under the Place-and-Train Programme only. This means that PCP-DP Candidates must be full-time new hires (within 3 months of employment start date) by the PCP-DP participating organisations.
Companies hiring a Data Protection Officer can now apply under the PCP scheme. This includes “combo” roles which include traditional job functions – HR, Marketing, IT, etc. Individuals must carry the DPO title in their designation. The PCP will provide funding to companies with salary support and course fees support.
A Boost for Organisations that are Resource-Stretched
This initiative provides the leg-up for Singapore organisations facing constraints in financial and skilled manpower resource. It is designed to help SMEs and any Singapore-registered company lower the costs of hiring and preparing new staff (PCP-DP candidate) with data protection skills to develop and implement safeguards around processing personal data - the PCP-DP will help SMEs acquire their own data protection expertise. Operations can be in Singapore or overseas.
Meeting the Shortage – A Programme by SMU and Straits Interactive
SMU's (Singapore Management University) SkillsFuture Series in Data Analytics, Cybersecurity and Tech-Enabled Services supports the Professional Conversion Programme by jointly delivering the training with Straits Interactive to re-skill or upskill mid-career professionals into DPOs.
All approved eligible PCP-DP candidates will agree to undergo a 6-month specialised on-the-job training (OJT) where they will need to attend 12 days Advanced Certificate programme in Data Protection, worth S$12,000 (before GST). Both the company and candidate shall agree to go through the PCP-DP for one year in order to complete the implementation of a Data Protection Management Programme (DPMP) in the company.
The PCP-DP will provide funding to hiring companies with salary support, and course fees support for the PCP-DP candidates. As businesses are opening up with mass vaccination against COVID-19, this is an opportunity for PPP – Public, Private Partnership working together to bring about benefit for all parties.
by Leong Wai Chong, CIPM, GRCP
The views and opinions expressed in this article are those of the author and do not necessarily reflect the official view or position of DPEX Network.
Access online / in-person courses and view past training records
Join lively discussions on pertinent data protection topics
Gain access to data protection research and video resources
Receive value-added data protection updates from the region