Data privacy

#AskTheBoss: Jürgen Kempter


If a company invites you for an interview, then you’ve cleared the first hurdle in the application process. So how do you prepare? And what makes your future boss tick? The #AskTheBoss series provides an insight into different departments. Today we talk to Jürgen Kempter, our corporate data protection officer.

Since the war in Ukraine began, the Federal Office for Information Security has intensified its warnings about Russian hacker attacks. How does your department protect 11,000 Burda employees against attacks when one wrong click on a phishing email is all it takes for criminals to find a way in?

Cyber security was a hot topic way before the war in Ukraine. Together with BurdaSolutions, our iSecurity colleagues are currently focusing, in particular, on protecting our data and IT infrastructure against attacks and on raising employee awareness. At Corporate Data Privacy, we always get involved when personal data is concerned, and that is often the case. I can only repeat the message we emphasise in every single training session: we must all remain vigilant. It’s much better to think things over one last time or send a query to ISO or DSK than to click carelessly.

Your role isn’t just relevant, but also comes with a cool title: CDPO, Corporate Data Privacy Officer. What is it about the job that fascinates you?

Constantly increasing data protection requirements, coupled with the multi-million-euro fines famously meted out in recent years, have made companies much more aware of data protection and alerted them to its relevance. They must provide evidence of well-organised data protection and legal compliance, which requires increased efforts to protect personal data. If we look at our business models, it’s certainly no secret that all areas of our company process the personal data of consumers, business partners and employees.

I find it fascinating to work on solutions with people from different disciplines such as lawyers, technicians and marketing specialists. As I see it, my role (and that of my team) is to identify the requirements of data protection law, draw business-relevant conclusions and advise my colleagues as they implement these requirements and ask specific questions. And I show where feasibility ends. A job that presents new challenges every day and a field of activity that remains largely in flux, both legally and technically. A “cool” title pales in comparison, really.

Since the EU General Data Protection Regulation (GDPR) came into effect in 2018, workers have been in short supply. How do you attract capable applicants?

With an exciting range of tasks. Hubert Burda Media has so many facets – from journalistic expertise to our online activities, from e-commerce to our technical departments. We are not comparable with an industrial company focused solely on production or supposedly more famous companies with a limited portfolio of products or services. And in Corporate Data Privacy, we have a wonderful, dedicated team with excellent, flexible working conditions and diverse training opportunities. But, of course, we also ask that our potential colleagues bring certain things to the table.

Under GDPR, application documents are also subject to data protection. Is social monitoring permitted? And what are the absolute no-goes?

These days, it’s standard practice to google an applicant’s name or gather information about them from professional networks like Xing and LinkedIn – and from a data protection perspective, this is not a problem. In fact, applicants often provide links to their profiles. Researching an applicant’s private life is an absolute no-go. It is also not permitted to contact their current or previous employer(s) without their express consent. The best thing to do is to ask yourself the following: “Would I like it if someone enquired about me behind my back and what would that say about my future employer or boss?”

What’s the first thing that catches your eye on an application?

Inconsistencies always stand out, like chronological jumps or gaps in a person’s CV. Obviously it’s not a problem if someone takes some time out or changes the direction of their career. In fact, I think that can be advantageous. But it should be accounted for. When you read a cover letter, you can always tell whether the applicant has studied the company to which they’re applying, or whether they’ve simply sent out a “standard letter”.

What qualities do I need if I want to become a data privacy specialist or head of data protection?

A constant willingness to learn new things. You should enjoy communicating openly but clearly. The work is largely about understanding issues, aligning them with legal requirements and developing practicable solutions. You need both legal and technical knowledge to work in data protection. It definitely helps to have studied law or a technical subject, but applicants with relevant professional experience of data protection also have a chance.

How does your selection and application process work?

Data protection specialists are pretty sparse at the moment, so we find a lot of candidates via direct contacts and recommendations. During this process – and when pre-selecting suitable applicants – we receive lots of support from our colleagues in the Recruiting Center and Corporate HR. Then we invite applicants for initial interviews. This stage is about getting to know them a little, sounding out their experience, skills and expectations and gauging whether they’ll fit in with the team. In the subsequent interview stages, we and our colleagues get to know the candidates more thoroughly. It helps if someone from the Recruiting Center takes part in these interviews too. I’ve had very good experiences with introducing applicants to the whole team – first of all, it gives you additional input as a manager, and second, it helps smooth the transition later on if the applicant ends up joining the team. During the second interviews, we also like to present candidates with fictional data protection cases to help us understand how they approach these sorts of questions.

What’s the best way to win you over in the final interview? 

With a realistic and honest assessment of your own abilities, and a clear idea of what you want or don’t want from your career. This includes asking good questions about your future role and about working conditions. Only when both sides lay their cards on the table can you – as an employer – make a well-informed decision about a future colleague, or – as an applicant – choose the right employer and team.

What’s your top tip for career starters?

Treat your new colleagues as equals and don’t be afraid to ask questions and ask for help. Know-it-alls and yes-men will find it tough. And one more thing: data protection isn’t just for “nerds” or “bean counters” – it’s actually really fascinating.

More images & downloads

Group Privacy Officer Jürgen Kempter on his great, dedicated team and his exciting job, which is not for "nerds" or "bean counters" © HBM 

Related articles
#Ask the boss: Efahrer
#Ask the boss: Efahrer

The #Ask The Boss series gives insight into the work of various departments at Burda. Today, Markus Höllmüler, Executive Director at, answers our questions.

Ask the boss: Christian Teichmann
Ask the boss: Christian Teichmann

The #AskTheBoss series provides insights into different departments. This time, we talked to Christian Teichmann, CEO at BurdaPrincipal Investments (BPI), the growth capital arm of Hubert Burda Media.

#AskTheBoss: BurdaDirect
#AskTheBoss: BurdaDirect

How can you prepare for a job interview? What makes your future boss tick? In the #FragdieChefin series, Gerlinde Kimpel, Director Consumer Data & Services at Burda Direct, answers our questions.