Data Protection & Privacy is the management of the protection of data, enabling an organisation to meet its contractual, legal and regulatory requirements.
Data Protection and Privacy provides the expert technical knowledge in data protection, with a range of methodologies to manage data risks on a day-to-day basis. These responsibilities include:
In a larger team, this specialism works with the Data Protection and Privacy lead or a departmental manager to promote best practice for data protection throughout the organisation.
With more experience, a Data Protection and Privacy professional may lead a team, assisting the organisation in maintaining protection and privacy standards, ensuring compliance with the Data Protection Act and other relevant legislation.
In Data Protection and Privacy, there is the opportunity to grow and take on responsibility from the first day in a challenging but rewarding environment. There is also the need to follow developments in data protection and privacy, maintaining professional expertise and a personal interest in these subjects.
Data Protection and Privacy is dedicated to ensuring that the most important assets of an organisation are protected from theft or exposure to the wrong people, and that the organisation avoids the consequences of breaching data protection laws and regulations.
In detail, you might:
With more experience, you might also:
For Data Protection and Privacy roles, titles include:
For more experienced Data Protection and Privacy roles, titles include:
An apprentice starting in Data Protection and Privacy might earn between £14,000 and £22,000.
A Data Protection and Privacy role could earn between £35,000 and £65,000. The median salary in March 2021 was £55,000.
A senior Data Protection and Privacy role could earn between £62,000 and £74,000. The median salary in March 2021 was £65,000.
The salary ranges are based on job vacancy advertisements published online in March 2021. Median salary figures are taken from calculations performed by www.itjobswatch.co.uk.
Each of the 16 specialisms is based on knowledge areas within CyBOK.
More information on CyBOK knowledge areas can be found here.
Here are the knowledge areas associated with Cyber Security Governance & Risk Management
Core knowledge – you will need a very good understanding of these areas
Techniques for protecting personal information, including communications, applications, and inferences from databases and data processing. It also includes other systems supporting online rights touching on censorship and circumvention, covertness, electronic elections, and privacy in payment and identity systems.
International and national statutory and regulatory requirements, compliance obligations, and security ethics, including data protection and developing doctrines on cyber warfare.
Related knowledge – you will need a solid understanding of these areas
All aspects of identity management and authentication technologies, and architectures and tools to support authorisation and accountability in both isolated and distributed systems.
Security management systems and organisational security controls, including standards, best practices, and approaches to risk assessment and mitigation.
Wider knowledge – these areas will help to provide context for your work
Usable security, social and behavioural factors impacting security, security culture and awareness as well as the impact of security controls on user behaviours.
For a senior practitioner:
CIISec Skills Groups* (additional Skills Groups may also be relevant to particular jobs)
A6 – Legal and Regulatory Environment and Compliance
G1 – Data Protection
G2 – Privacy
*Non-Commercial - No Derivatives (BY-NC-ND) license. 2021 Copyright © The Chartered Institute of Information Security. All rights reserved. Chartered Institute of Information Security®, CIISec. Chartered Institute of Information Security®, CIISec®, AfCIIS®, ACIIS®, MCIIS®, FCIIS® and the CIISec graphic logo are trademarks owned by The Chartered Institute of Information Security and may be used only with express permission of CIISec.
Any career or role in which there’s a demonstrated ability to reliably manage confidential information while applying complex standards (particularly legal ones) could, with additional specialist training, provide the basis for a role in this specialism.
Examples of such careers or roles include:
Data Protection and Privacy
From a role in this specialism, you might move to a position in one of these cyber security specialisms:
Or, you might progress to take up a more senior role in Data Protection & Privacy, such as head of the team or department.
Our qualifications framework is currently under development.
Entry route information can be found here.
You can also visit the National Cyber Security Centre website at the links below: