The EU's incoming General Data Protection Regulation (GDPR) will force companies around the world to create as many as 75,000 data protection officer (DPO) roles to achieve compliance with the new law, even if they don't have operations in the EU.
The GDPR will come into effect on 25 May 2018, and there will not be any 'grandfathering' of existing contracts.
Organisations will need to be 100 per cent compliant from day one, or risk fines of up to four per cent of turnover.
It has been claimed that the bureaucratic burden of compliance will aid large technology companies over their smaller rivals.
But the International Association of Privacy Professionals (IAPP) believes that the GDPR will require the widespread and large-scale recruitment of DPOs - typically lawyers specialised in data protection law - to stay on top of the regulations.
"Because the EU's 28 member states together represent the world's largest economy and the top trading partner for 80 countries, many companies around the globe buy and sell goods to [and from] EU citizens and are thus subject to the GDPR," said the IAPP.
One of the requirements of the GDPR is that any organisation conducting large-scale processing of personal data must have a DPO who is independent from the organisation.
Hence, companies across the world will need to consider how to introduce such a role into their business, including the extent of their authority, to whom they report and how the role will operate.
The IAPP said earlier this year that organisations in Europe and the US will require at least 28,000 DPOs at a conservative estimate.
Using the same methodology, the IAPP now believes that as many as 75,000 DPO roles will be created in response to the GDPR, not just in the EU and US, but across the world.
"The DPO requirement is borrowed from a similar programme Germany has had in place for a decade, and other economies, including France and Sweden, for example, have the concept of the DPO well established," said the IAPP.
"Still, it's a new concept almost everywhere outside the EU and is bound to generate some confusion."
The DPO requirement is covered under Article 37 of the GDPR, which states that such specialists will need to be "designated on the basis of professional qualities and, in particular, expert knowledge of data protection law and practices". Their tasks are designated under Article 39 of the GDPR.
Using a standardised methodology, the IAPP estimated the number of DPOs who will need to be recruited among organisations in the EU's top 10 trading partners, as well as other major trading partners.
The US, according to the IAPP, will need to find 9,000 DPOs with an understanding of data protection laws across the EU, while China will need to find 7,568, Switzerland 3,682 and Russia 3,068.
"Where will these 75,000 DPOs come from? Many companies remain in a wait-and-see mode," said the IAPP.
The EU's Article 29 Working Party, the data protection umbrella group that includes the UK's Information Commissioner's Office, will release guidance regarding compliance with the data protection role in December.
Biometrics of more than five million taxpayers taken by HMRC
Central Bank of India forced to make banks take basic security more seriously
Qualcomm planning to use TSMC's 7nm process to make fast and power-efficient rival to Intel
Voice assistants in smart homes will reach 275 million in five years' time, and Amazon is in pole position