If a company invites you for an interview, then you’ve cleared the first hurdle in the application process. So how do you prepare? And what makes your future boss tick? The #AskTheBoss series provides an insight into different departments. Today we talk to Jürgen Kempter, our corporate data protection officer.
Cyber security was a hot topic way before the war in Ukraine. Together with BurdaSolutions, our iSecurity colleagues are currently focusing, in particular, on protecting our data and IT infrastructure against attacks and on raising employee awareness. At Corporate Data Privacy, we always get involved when personal data is concerned, and that is often the case. I can only repeat the message we emphasise in every single training session: we must all remain vigilant. It’s much better to think things over one last time or send a query to ISO or DSK than to click carelessly.
Constantly increasing data protection requirements, coupled with the multi-million-euro fines famously meted out in recent years, have made companies much more aware of data protection and alerted them to its relevance. They must provide evidence of well-organised data protection and legal compliance, which requires increased efforts to protect personal data. If we look at our business models, it’s certainly no secret that all areas of our company process the personal data of consumers, business partners and employees.
I find it fascinating to work on solutions with people from different disciplines such as lawyers, technicians and marketing specialists. As I see it, my role (and that of my team) is to identify the requirements of data protection law, draw business-relevant conclusions and advise my colleagues as they implement these requirements and ask specific questions. And I show where feasibility ends. A job that presents new challenges every day and a field of activity that remains largely in flux, both legally and technically. A “cool” title pales in comparison, really.
With an exciting range of tasks. Hubert Burda Media has so many facets – from journalistic expertise to our online activities, from e-commerce to our technical departments. We are not comparable with an industrial company focused solely on production or supposedly more famous companies with a limited portfolio of products or services. And in Corporate Data Privacy, we have a wonderful, dedicated team with excellent, flexible working conditions and diverse training opportunities. But, of course, we also ask that our potential colleagues bring certain things to the table.
These days, it’s standard practice to google an applicant’s name or gather information about them from professional networks like Xing and LinkedIn – and from a data protection perspective, this is not a problem. In fact, applicants often provide links to their profiles. Researching an applicant’s private life is an absolute no-go. It is also not permitted to contact their current or previous employer(s) without their express consent. The best thing to do is to ask yourself the following: “Would I like it if someone enquired about me behind my back and what would that say about my future employer or boss?”
Inconsistencies always stand out, like chronological jumps or gaps in a person’s CV. Obviously it’s not a problem if someone takes some time out or changes the direction of their career. In fact, I think that can be advantageous. But it should be accounted for. When you read a cover letter, you can always tell whether the applicant has studied the company to which they’re applying, or whether they’ve simply sent out a “standard letter”.
A constant willingness to learn new things. You should enjoy communicating openly but clearly. The work is largely about understanding issues, aligning them with legal requirements and developing practicable solutions. You need both legal and technical knowledge to work in data protection. It definitely helps to have studied law or a technical subject, but applicants with relevant professional experience of data protection also have a chance.
Data protection specialists are pretty sparse at the moment, so we find a lot of candidates via direct contacts and recommendations. During this process – and when pre-selecting suitable applicants – we receive lots of support from our colleagues in the Recruiting Center and Corporate HR. Then we invite applicants for initial interviews. This stage is about getting to know them a little, sounding out their experience, skills and expectations and gauging whether they’ll fit in with the team. In the subsequent interview stages, we and our colleagues get to know the candidates more thoroughly. It helps if someone from the Recruiting Center takes part in these interviews too. I’ve had very good experiences with introducing applicants to the whole team – first of all, it gives you additional input as a manager, and second, it helps smooth the transition later on if the applicant ends up joining the team. During the second interviews, we also like to present candidates with fictional data protection cases to help us understand how they approach these sorts of questions.
With a realistic and honest assessment of your own abilities, and a clear idea of what you want or don’t want from your career. This includes asking good questions about your future role and about working conditions. Only when both sides lay their cards on the table can you – as an employer – make a well-informed decision about a future colleague, or – as an applicant – choose the right employer and team.
Treat your new colleagues as equals and don’t be afraid to ask questions and ask for help. Know-it-alls and yes-men will find it tough. And one more thing: data protection isn’t just for “nerds” or “bean counters” – it’s actually really fascinating.
