Content of the Week: 4th August 2025
Hiring Compliance Officer, Hiring Data Protection Officer
I've spoken to a lot of compliance officers and DPOs over the last few weeks, and one thing is clear: there still isn't enough focus on the space.
I'd estimate 80% of businesses have these functions because they have to, not because they want to. I guess ideally no one would have to have compliance as we'd all just naturally do it, but that's not reality. Consequently, there has to be more emphasis in the space.
If you're hiring someone to focus on data protection, here's my checklist to ensure you're hiring someone in the right way:
Define the why
Understand the business driver: regulatory compliance, customer demand, or proactive risk management.
Clarify the Scope
Is the role focused on privacy, security, or both? Strategic or operational?
Identify the Right Team Fit
Decide where it belongs: Legal, Compliance, IT Security, Risk, or standalone.
Match the Experience
Look for sector-specific knowledge and familiarity with relevant regulations (e.g. GDPR, PDPL, CCPA).
Expect Hands-On Capability
Can they implement policies, handle breach response, and run privacy training, not just advise?
Prioritize Cross-Functional Skills
They should work well with Legal, IT, Ops, HR, and Product teams.
Ask for Relevant Credentials
Certifications like CIPP, CIPM, or CISSP are helpful depending on focus.
Define Success Metrics
Be clear on outcomes expected in the first 6–12 months (e.g. data map, DPIA process, policy rollout).
Provide the Right Support
Give them budget, tools, and decision-making access to actually drive change.
Avoid “Tick-Box” Hires
Don’t hire just to show compliance - hire to build a sustainable data protection program. You also won't get good talent if it's clear you don't value their input.
New recruitment rule forces employers to follow up with applicants
(Source: https://www.hcamag.com/ca/specialization/employment-law/new-recruitment-rule-forces-employers-to-follow-up-with-applicants/540511)
Don't worry, recruiters in the UAE, this is only in Ontario! But I believe it's the first of its kind in the world, and a step in the right direction.
Some key points on their new leg:
- Limited to formal interviews (not preliminary screenings/resume reviews)
- Only applies to publicly advertised roles (will we see a drop in the number of job adverts put up? I don't think so, consider the above point, but it's possible)
- Employers will have 45 days to inform candidates of their status
I'm hearing of legislation in New Jersey that'll be the same, plus the addition of needing to remove job listings within 2 weeks of filling the role and disclose when they post ads for roles that don't exist ('ghost jobs'), something already illegal in Kentucky and California.
We aim to provide feedback after every interview someone has with a client, but we share the candidate's frustration - it's still consistently not provided to us, which baffles me when a business takes so long to brief us, negotiate our terms, often pay us an upfront retainer, then ghost.
Ultimately, businesses will simply apply technology that'll create auto-updates every month and overcome this. But the principle of communicating with people who take a lot of time out of their lives to interview for jobs is a step in the right direction.
From Partner to GC: The Most Underestimated Leap in Legal Careers
It’s the natural next step, when you get to the end of your private practice career to transition into a GC role. On paper it makes sense.
In practice, it’s very difficult.
The GC market is already highly competitive, saturated with great GCs who have significantly more experience than you – they’ve weathered the regulatory storms, scaled global teams, and advised CEOs through crises. If a business is hiring, they’re going to prioritise someone with that experience over someone who has come straight from a firm.
I hear your next point: you’re technically a much stronger lawyer than these people. You’re right, but that’s only half of the role. In fact, I know a lot of experienced GCs who don’t really do the legal work anymore. You need to know about strategy, commercial judgement, executive management, and internal politics.
If you want to make that transition, the most successful GCs I’ve seen start as a number 2 to a seasoned GC. Learn how the role works, have a collaborator who can guide you through the challenges rather than having to make all the mistakes alone. And importantly, make sure there’s a genuine succession plan for you too, otherwise your GC role might be more job moves away.
The type of business you move into first is important, too. Make sure it aligns with where you want to be long term e.g. if you want to lead a large team, get into a bigger entity. If you want to remain hands-on stay in a team of under 10 people.
It’s becoming more competitive every year to make this move, but taking a year or two to learn will benefit you long-term.
Ready to change jobs? The summer’s the best time to find your next job
It’s a common myth that the summer’s a dead time, but that’s not right any more. Over the last month we’ve been instructed on the same number of roles as our average for the year so far. It’s certainly slower in feedback/interview pace, but it’s still moving along nicely.
But what we see is a dropoff in the number of applicants. Lots of people travelling, preoccupied with kids, or taking a break, means that it’s actually easier to find something new now if you keep going.
It’s also the right time to plant the seeds for the next few months and beginning of 2026. It’s not that far away, some businesses have budgets leftover for the year that they’re spending before 2025 finishes and others are considering interviews for 2026 starts (think about it – a process takes 2 months, then people have 2-3 month notice periods, so they’ll be starting in Jan if we begin interviewing today).
So go and put your name in front of people, pick up the networking (whilst people have a bit more spare time), and apply for roles. If you wait for September you’ll be playing catch-up.
Hiring Mid-Level Compliance Managers - Where Are They All?
Compliance hires are growing, but there’s one problem: no one can seem to hire a mid-level compliance manager. They’re in such short supply, and top talent is hard to retain.
Why is this? Many firms underestimated compliance in junior hiring post-2008 and then again post-covid, so we have these gaps in good quality people with 15 years experience and then again with 4 years experience, plus a lack of clear development during these periods for those with jobs.
Now, as regulatory demands increase, we’re starting to really feel these gaps, particularly within financial services where it’s hit the hardest.
The result? A seriously competitive market, with salaries being pumped up and a high turnover.
The overcome this, businesses need to have fast hiring processes, more flexibility (these people are often at the level of having young children – flex working or working from home helps a lot), and a willingness to back high-potential candidates who don’t tick every single box.
Then there’s the retention problem, it requires more than salary increases.
The main thing is to actually value the work that they’re doing. Compliance Managers typically leave when they’re hired to only tick a box, as they want to make a genuine difference.
And have conversations with them about growth, progression, give them mentorship from senior leaders, and exposure across the business more widely.