Personal attributes

working autonomously and equally effectively in a team
analysis and problem-solving
self-management
ability to maintain confidentiality
assimilating information and identifying risks
attention to detail
evaluating the probable social, commercial, cultural, ethical and environmental consequences of an action

For a senior practitioner:

project management
challenging and influencing both internal and external stakeholders
experienced in assessing, reviewing and writing policy and procedures
developing training and awareness modules, digital strategy, consent management, information security disciplines and technologies.

Specialist skills

implementing and managing within the organisation the Data Protection Act and relevant legislation in other jurisdictions where the organisation operates
implementing and managing within the organisation the Privacy and Electronic Communications Regulations (PECR), including submitting breach notifications to the regulator
information security audit and risk assessment techniques, such as ISO 27001
use of records management tools, such as SharePoint, TeamCenter and SAP
planning, administration, and management of information systems, operational and technical security controls
risk assessment and management in relation to data protection

CIISec Skills Groups* (additional Skills Groups may also be relevant to particular jobs)

A6 – Legal and Regulatory Environment and Compliance

Principles:

understands the legal and regulatory environment within which the business operates
ensures that Information Security Governance arrangements are appropriate
ensures that the organisation complies with legal and regulatory requirements

G1 – Data Protection

Principles:

directs, oversees, designs, implements, contributes to, or operates within the set of multi-disciplinary structures, policies, procedures, processes and controls to manage the protection of personal data at an enterprise level, supporting an organisation’s immediate and future regulatory, legal, risk, environmental and operational requirements, and ensuring compliance with those requirements

G2 – Privacy

Principles:

directs, oversees, designs, implements, contributes to, or operates within the set of multi-disciplinary structures, policies, procedures, processes and controls to ensure that privacy and human rights legislation and regulations are adhered to
within a corporate organisation, this applies to employees, contractors, customers and any individual for whom personal information is held

*Non-Commercial - No Derivatives (BY-NC-ND) license. 2021 Copyright © The Chartered Institute of Information Security. All rights reserved. Chartered Institute of Information Security®, CIISec. Chartered Institute of Information Security®, CIISec®, AfCIIS®, ACIIS®, MCIIS®, FCIIS® and the CIISec graphic logo are trademarks owned by The Chartered Institute of Information Security and may be used only with express permission of CIISec.

Experience

Any career or role in which there’s a demonstrated ability to reliably manage confidential information while applying complex standards (particularly legal ones) could, with additional specialist training, provide the basis for a role in this specialism.

Examples of such careers or roles include:

police services: data management
Armed Forces: communication security, data management
finance, especially information management
healthcare records management
legal practice, especially family law

Data Protection & Privacy

More about a career in Data Protection & Privacy

An introduction to this specialismWorking life

An introduction to this specialism

What will your responsibilities include? What are your tasks likely to include?Responsibilities

What will your responsibilities include? What are your tasks likely to include?

What core, related and wider knowledge is important for working in this specialism?Knowledge

What core, related and wider knowledge is important for working in this specialism?

What personal attributes might you need? What specialist skills are important?Skills

What personal attributes might you need? What specialist skills are important?

What other cyber security or IT role might you progress to from this specialism?Moving on

What other cyber security or IT role might you progress to from this specialism?

Which certifications and qualifications are relevant to roles in this specialism?Qualifications

Which certifications and qualifications are relevant to roles in this specialism?