Over recent years, the Privacy market has seen a big shake-up with the emergence of in-house functions for privacy and data protection following the introduction of more elaborate privacy laws. This has left a lot of privacy professionals in a busy state but also led to the emergence of fantastic career opportunities, attracting top talent to the profession.

This article talks through a range of ideas on how to structure your CV to help you stand out if you are a privacy professional looking to take a step forward in your career.

Highlight your stakeholders

Privacy organisational structures will differ from company to company. For a lot of companies, they are still in the early stages of building out a privacy program. However, some organisations have highly mature frameworks already in place.

Of course, this is very context-dependent. In fact, there may not even be an existing privacy structure in place. Every company will be different. The point is, that whoever you worked with and how you define your role within a privacy team works wonders for future employers so be sure to express this in outlining your responsibilities.

Let’s not get bogged down on just ‘Privacy' stakeholders. How you collaborated with other departments to deliver an effective data protection culture throughout the business is an extremely valuable trait. So, if you worked alongside departments across the business (HR, Marketing, Engineering, Sales etc.) make sure to highlight this. This will show your ability to influence to achieve cross-organisational goals. After all, one common dilemma is a lack of organisational ‘buy-in’ for privacy and having the ability to demonstrate privacy in a positive light across the firm will help substantially in getting that buy-in.

What to do with GDPR

GDPR is now in effect…  but the show is not over and the end credits are far to be seen. There is often the opinion that GDPR is a ‘project’ but it is an ongoing compliance effort and if your organisation wishes to have sustainable GDPR compliance then there will need to be ongoing ‘Business as Usual’ data protection activities but also ongoing organisational change to allow governance to keep up to the pace of change around processes and technological innovation. When highlighting your GDPR experience do not think ‘Business as Usual’, think Change.

If you have worked across elements of GDPR delivery then this is a great opportunity to highlight organisational change skills when approaching GDPR – i.e. aspects of training, raising awareness, cultural shift. These skills are often overlooked but having the ability to promote GDPR as a business enabler rather than a blocker is really something that will appeal to any organisation taking their compliance effort seriously.

Be smart with your keywords (but do not overdo it!)

What do I mean by privacy keywords? Well, we have the likes of DPIA/PIA, DSAR, Privacy by Design, work with policies/contracts etc. The standard business as usual activities that are integral privacy duties and a common requirement across any data privacy function. Do not get me wrong, these are great keywords to highlight but you can also think outside the box here and get creative.

Privacy is not always ‘business as usual’. Help your CV to stand out by highlighting some of the cutting-edge privacy work such as work with privacy shield, Data Subject Rights Management, Privacy Management Softwares (OneTrust, Varonis, TrustArc) etc. If you have worked across areas of data minimisation you could utilise keywords such as anonymization, pseudonymization and hashing to demonstrate these techniques which help give your profile a winning edge.

I recommend diving into some depth of context giving examples such as how you conducted privacy impact assessments or how you helped to integrate privacy by design – painting a more tangible picture of your experience.

What was your company impact?

What a Privacy program means will differ from organization to organization from the different forms of C-level buy-in and varieties of culture towards data protection. Highlighting the impact you left on a company shows you are a dedicated professional with a passion for the field.

Examples of creating a company impact can be the stakeholders you trained, the hires you have made or even more creative elements such as organising a campaign.

One example I like to refer to on this is the ‘EasyJet Privacy Policy explained’ video which was marketing content released through social media by EasyJet to its customers in lead up to the GPDR explaining their privacy policy. Simple, yet incredibly effective and a great way to demonstrate to customers that you care for their data (reinforcing on a positive brand image!)

You can watch below;


International Privacy experience?

It has been hard to avoid the dominating European Privacy legislation which has caused a loud shake-up in the world of data protection. However, it is naïve to think that is the only important privacy law. Global organisations are likely to span into a range of jurisdictions where there are multiple laws governing data protection of employees and consumers. If you have worked across multiple jurisdictions across privacy law make sure to highlight it. This experience is only going to become more sought after as we expect to see further shake-ups in privacy across the globe.

Embrace your tech

Sure, Privacy is legislation but living in a modern-day world transitioning to a more digital state there is no avoiding tech. Over recent years, we have seen some big shake-ups in tech. From cloud to IoT to Big Data to Artificial Intelligence to whatever else is around the corner. Technology is so fast-paced, that keeping up to speed with adequate data privacy law is easier said than done. Thus, if you have experience across any of these domains make sure you highlight it. Having a technical understanding followed with some practical hands-on experience working with Technologists in these areas can be a unique selling point to help you stand out above the competition.

Getting over the NDA bump

Ever had to sign a non-disclosure and restricts you putting a client on your CV? Certainly in the world of privacy, it seems to be a common occurrence especially if you are doing some form of interim consulting. Do not let this stop you from highlighting your experience. If there is an NDA you can always give a short description of the client i.e. ‘Multinational FMCG organisation’ if you have worked for Nestlé or ‘Leading FTSE 100 Insurance Brand’ if you have worked for Admiral. This helps hiring managers to get an idea of the scope of organisations you have worked for and ultimately, gives you the chance to highlight your relevance for the role you are applying to. You do not want to give the impression there is something to hide.

Oh, and don’t forget the basics

Try to keep things tidy and to the point. Follow the golden rule whereby you should be able to contain all relevant information on the first page and the rest of the CV should be a more in-depth breakdown of your responsibilities aiming for a limit of 2/3 pages.

I hope this has been of assistance to you – if you would like further assistance on this matter please do feel free to get in touch anytime.