Meet Rob Masson, CEO at Data Protection Company: The DPO Centre

As founder and CEO of The DPO Centre, Rob is actively driving innovation, transformation and thought leadership in data protection and privacy. With over 30 years of business experience, Rob has been involved in delivering solutions to some of the world’s largest and most respected companies.

Rob set up The DPO Centre to assist organisations of all sizes to identify how evolving Data Protection legislation will affect them, the steps they need to take to comply, and how when implemented well, compliance builds trust, confidence, loyalty and engagement.


dpo centre logo


What have been your greatest achievements with the DPO Centre over the past 12 months?

The past 12 months has been a period of uncertainty for privacy and data protection regulation in the UK and across the world. As a result, The DPO Centre continues to see rising demand for privacy experts, leading to the company nearly doubling in size again in the last year.

Due to the nature or extent of personal data processed, many small and mid-size organisations are required by the General Data Protection Regulation (GDPR) to appoint a Data Protection Officer (DPO), however these requirements do not necessarily warrant a full time position. Where this is the case, the best value option is to outsource the role to an organisation such as The DPO Centre that provides the required level of expertise, but delivered on a ‘fractional’ basis. Given the sensitivity of the data processed, this is particularly the case for regulated industries such as healthcare and financial services, where we continue to see strong demand.

Demand is also accelerating outside of the EU in jurisdictions such as North America and Asia. The ‘extra-territorial scope’ of the GDPR means that organisations based outside of Europe that are processing data on EU and UK residents are also required to comply with the GDPR. Examples include the many and varied life sciences organisations that are conducting clinical trials within the EU, or technology companies providing MedTech or FinTech apps and platforms that involve EU residents. Given this increasing demand, our intention is to open further offices in North America and the Middle East during 2023, in addition to our existing London, Dublin and Amsterdam offices.

For me personally, the biggest achievement of the year was seeing The DPO Centre evolve from an owner managed business to the beginnings of a mid-size business. Much of the past 12 months has been about cementing our sustainable, contract driven, recuring business model and significantly expanding our management team, but not to the detriment of earnings. There remains much to do, but we are in a good position to accelerate our growth still further this year.



What can we expect from Data Protection regulation in 2023?

The UK is in the process of reforming its data protection law post Brexit, however the Department for Digital, Culture, Media and Sport’s (DCMS) consultation on data protection is continuing to cause confusion, not helped by two changes in Prime Minister and the suggestion of a further change of direction to the privacy reforms.

The UK Data Protection Index, sponsored by The DPO Centre, consists of a panel of more than 500 UK based privacy experts who are surveyed each quarter. Over half predict that Government will continue with the current data protection reforms as per the consultation that began under the Johnson government in 2021. The second most popular prediction (27%) was that the UK would “revert back to the UK GDPR”. Around 15 percent of respondents believe that a “complete rewrite” of the law is likely, with the remaining seven percent predicting “something else”.

For many organisations, especially those processing personal data on EU residents, any regulation that significantly deviates from the EU GDPR is likely to make the burden of data protection compliance worse, as opposed to the consultation’s aim of ‘freeing companies from the burden of GDPR’. For example, organisations that process personal data on EU residents may well remain required to appoint a DPO to continue to comply with the EU GDPR and the “Senior Responsible Individual” that is proposed by the consultation to be required in the UK. The role of the SRI will, by its very nature (being senior), create a conflict with the independent role of the DPO as mandated by the EU GDPR. We believe the UK government’s current proposals will make compliance more complicated and expensive, not less, especially when added to the burden of compliance with the many other data protection laws entering into force globally.

Added to the current confusion is the eventual outcome of the new transatlantic privacy framework designed to enable the free flow of personal data between the EU and US . The framework is intended to replace the “Privacy Shield” that was invalidated by the Court of Justice of the European Union (‘CJEU’) in the now infamous Schrems II decision. The big question is whether the new framework will stand up to a further Schrems challenge, putting the €900 billion in annual cross-border commerce at stake.


What have been some of the challenges?

The DPO Centre is a knowledge business, so our challenges are always around people. Recruitment is our greatest challenge, as finding the number of suitably qualified and experience privacy professionals we need to maintain pace with our growth, presents a constant challenge. There are of course many accomplished and qualified privacy professionals, but <1% of those we consider, meet the criteria required to join our expert team. We have therefore, created our own training academy that runs alongside our graduate recruitment programme, that provides not only academic knowledge, but real-life experience through shadowing and mentoring from our DPO team.

The DPO Centre’s client base of over 700 organisations globally, has relied upon our expert support and guidance to ensure that their investment in compliance progressively reduces risk, builds trust, improves engagement and increases loyalty. Overall, 2022 was a year of change and uncertainty for privacy and data protection regulation, and the indicators for 2023 are no different. With this increasing complexity comes the ever-greater need for expert advice and guidance. We therefore fully expect that this environment will ensure The DPO Centre continues to thrive.



Would you like SEO or PR for your business?
Contact us here for more information >>