A career in Data protection & Privacy is very easy to develop for law graduate freshers and technology freshers if they are provided with the right guidance. This career is a techno legal career available to both law and technology students and is one of the hottest professions of today and for the coming times. You may do the following to develop the skills:
Read at least 10 bare privacy laws from the respective official websites. These must include GDPR, CCPA, China PIPL and the ones on the screen
Canada PIPEDA, Japan PIPA, South Africa POPIA, SPDI Rules under Indian IT Act, HIPAA, Breach notification laws in various US states
Present the various laws in powerpoint / google slides with at least following details from each of the laws - scope / applicability, definition of personal information & sensitive personal information, cross border transfer, appointment of data protection officer, offenses & penalties,
Get familiar with common privacy terms and start using them - Data subject, Data Principal, personal information, special categories of data, subject access requests, cross border transfer …, adequacy status, Privacy impact assessment etc..…remember the terms are different in different laws
Understand the various Privacy principles which are common across laws
Notice, consent, rights, accountability, limitation
Understand technical aspects of data such as encryption, anonymisation, pseudonymisation, masking, hashing, access control etc. and research on how these are used by companies in practice
Go to websites of enforcement agencies / and read high profile violations and understand why hefty penalties were applied. Try to find two latest violations on each of the Privacy principles.
Read some case laws such as Schrems II judgment, Novak vs data protection supervisor and understand the legal perspectives
Read some important interpretation guidance from Article 29 working party under EU directive and now EDPB under GDPR
Draft a Privacy notice / policy for your college website. Refer the Privacy notices / policies of European / US colleges and you may use them as a benchmark. Particularly pay attention to the use of shall, must, should, will etc. and inclusion of various principles in the notice / policy
Conduct a Privacy impact assessment of an application and prepare the report in a document. You may do it for a dating application or any other application you may use that you have a personal experience of. Refer the mentioned PIA / DPIA for COVID app by NHS in UK for reference or zoom PIA available on the internet
Read the privacy standards such as NIST Privacy framework, GAPP, ISO27701, ISO29001 and make audit checklists for each of them. See if you can conduct an audit of your college or an application on those standards.
Find a friend to whom you could present what you have done, video record your presentation and observe it for improvements
Doing the above properly would take a month or two. Once you do these, you are already on your journey as a Privacy professional.