Key facts

Programme fee

Full programme: £8,495 + VAT

Stage 1 – Workshop 1 + e-learning module 1 - £1,195+VAT

Stage 2 – e-learning modules 2 to 6 + Workshop 2 - £7,800 +VAT

Overall Programme length: 6-9 months

6 e-learning modules: approximately 10hrs of learning per module (see diagram below)

Programme Overview

Developing GDPR professionals: The first step of a successful readiness strategy for organisations

Developed in partnership with GO DPO® in response to the EU General Data Protection Regulation (GDPR), this part-time programme, prepares you to take the necessary steps to protect business continuity and reputation.

This part-time programme will:

  • Ensure responsible managers take positive, strategic control of the process by turning them into GDPR professionals
  • Aid your organisation in producing actionable change to transition to new legal and commercial ways of working
  • Offer the opportunity to become IAPP accredited by sitting the IAPP examination (included in the programme fee)

Bringing compliance requirements to life for your organisation

The GDPR requires substantial work to assess the regulation detail and implement new controls. Unlike other GDPR training options, which offer information only, this programme presents an applied approach, bringing the GDPR to life and considering how participants’ own organisations will transition to new ways of working.

This is achieved through a blend of interactive workshops and e-learning modules, equipping individuals with a working knowledge of the practical implications of the GDPR which could ultimately avoid heavy fines and reputational damage.

Henley Business School is the only triple-accredited European school to offer such a programme; you can trust that the GDPR Programme will provide not just the technical knowledge necessary but the associated leadership skills needed.

Content of online modules

  • Module 1: GDPR essentials
  • Module 2: Risk management
  • Module 3: Fundamental legal principles
  • Module 4: Substantive difference between Data Protection Directive 95/46/EC & the GDPR
  • Module 5: Data and security obligations
  • Module 6: Processing of data and cloud computing

Why you need to act now

The GDPR came into force across all EU Member States on the 25 May 2018.

In the wake of the UK vote to leave the EU, the Information Commissioner’s Office has stated that organisations must comply with the GDPR if they wish to continue to do business across the EU. In addition, the Data Protection Act 1998 is likely to be replaced with a new law in alignment with the GDPR.

In addition to loss of access to European markets, non‑compliance of the GDPR can result in fines of up to 4% of global turnover or €20m. Non-compliance can also result in significant reputational damage and a loss of customer confidence that can negatively impact sales.

Responsibility does not fall to one single person within an organisation – it requires engagement and collaboration from multiple functions. This challenge is not just about knowing and understanding the new regulations, and implementing one-off change but about proactively creating a positive business strategy that engages with the regulations and implementing this at all levels of the organisation.

Who is the Henley GDPR Programme for?

Data protection officers, leaders and senior managers across all private, public, voluntary and government sectors who are directly accountable for data protection.

Chose the study option that suits your professional role

Participants may choose whether they look at the basic components regarding essentials for GDPR (Stage 1), or go further into the regulation specifics and leadership behaviours needed to implement these (Stages 1 and 2).

Flexible learning options – Follow the full programme or just Stage 1.

You can attend the Stage 1 workshop at our Henley-on-Thames campus or at one of our pop-up campuses in central London and across the UK.

Should you then choose to progress to Stage 2 you will receive the Henley certificate of completion. Stage 2 residential workshops are held at the Henley-on-Thames campus. Those who commit to the full programme from the start benefit from an overall fee discount.

Programme structure

Henley GDPR Transition Programme: content and structure

Please note that each delegate must attempt an online assessment consisting of 20 questions and must achieve at least 70% pass mark in order to progress to the next module.


Benefit from ongoing contact* with Henley Business School through:

  • Access to resources from the online learning portal for up to 12 months
  • Henley alumni status

* Benefits only available upon completion of the full programme


For participants

  • Equips you to proactively manage a wide range of data protection and privacy challenges and empowers you to confidently implement change in your organisation
  • Benefit from one of the fastest and most reliable ways to future-proof a career in data protection

For your organisation

Non-compliance of the GDPR may result in fines, significant reputational damage and a loss of market and customer confidence. An organisation sponsoring a participant to complete the Henley GDPR Programme will benefit from a senior manager who really understands the technical implications of the GDPR and who will lead an approach to compliance that is both strategic and responsible.

Detailed module content

Module 1: GDPR essentials

  • Unit 1: Contract for a DPO
  • Unit 2: Key duties and responsibilities
  • Unit 3: Gap between policy, company appetite and reality
  • Unit 4: Managing senior management relationships
  • Unit 5: Hiring staff and support

Module 2: Risk management

  • Unit 1: Conducting a risk based DPIA
  • Unit 2: Data Protection Impact Assessment
  • Unit 3: Defining a personal data breach process

Module 3: Fundamental legal principles

  • Unit 1: Rights of Access
  • Unit 2: Consent
  • Unit 3: Data Controller and Data Processor
  • Unit 4: Data Processing
  • Unit 5: Notification to Supervisory Authorities and Data Subjects

Module 4: Substantive difference between Data Protection Directive 95/46/EC & the GDPR

  • Unit 1: Difference in scope between Directive 95/46/EC and key data protection principles
  • Unit 2: Expanding the definition of personal data and special personal data
  • Unit 3: Enhanced individual data protection rights
  • Unit 4: Key organisational and personnel changes
  • Unit 5: Mandatory personal data breach reporting
  • Unit 6: Global personal data transfers outside of the EEA and co-operation between Supervisory Authorities
  • Unit 7: New financial penalties and sanctions
  • Unit 8: Member State laws and the GDPR

Module 5: Data and security obligations

  • Unit 1: Formally managing the value chain and reducing complexity and risk
  • Unit 2: Data Protection by Design and by Default (Art.25, GDPR)
  • Unit 3: Data and security implications of sub-contractors and outsourcing personal data processing
  • Unit 4: Data and security implications when contracting with hardware and software vendors
  • Unit 5: Data and security obligations imposed on the value chain by Supervisory Authorities and industry Regulators
  • Unit 6: Legal, business and public relations implications for a personal data breach
  • Unit 7: Use of bring your own devices (BYOD) and the associated risks to personal data processing

Module 6: Processing of data and cloud computing

  • Unit 1: Overlap with security standards ISO 27001 and ISO 27018
  • Unit 2: Implementing Data Protection by Design and by Default (Art.25, GDPR)
  • Unit 3: Use of technical security measures – encryption, pseudonymisation and anonymisation to secure personal data (Art.32, GDPR)
  • Unit 4: Special considerations for the use of cloud computing
  • Unit 5: Special considerations for the use of mobile technologies
  • Unit 6: Special considerations for the use of the Internet of Things (IoT)
  • Unit 7: Trans-border personal data flows within and outside of the EU
  • Unit 8: Securing physical personal data records
  • Unit 9: IT management of security updates

Location and facilities

Finding us

We pride ourselves on understanding the need to create an environment which is both relaxing and comfortable enabling work and study to be focused and effective. From our unique riverside location to our impressive amenities, we provide an ideal environment for meeting success.

How to find us (PDF-1.15 MB)

Sports facilities

henley business school gym greenlands

Balancing busy work schedules with relaxation and exercise is an important aspect of our approach at Henley. The fully equipped and professionally staffed Fitness Centre with views overlooking the beautiful grounds and River Thames has everything needed to restore a sense of well being.

Business facilities

Business facilities - rooms

At our Greenlands site we provide a variety of meeting rooms and conference facilities. Our rooms have been designed with an emphasis on practicality with many of our rooms benefiting from the latest presentation equipment to ensure that your meeting runs smoothly.

Conference Rooms

The conference rooms at Greenlands, Henley, all feature air conditioning, natural daylight and excellent acoustics, as well as state-of-the-art AV and presentation technology controlled by bluetooth touch screens, free WiFi access, laptop connections, networked PC and large screens. Our larger rooms also have repeater screens. Each conference room has access to dedicated syndicate and break-out rooms and refreshment areas close by. Stationery, flipcharts, photocopying facilities and whiteboards are included as standard.

Meeting Rooms

All syndicate and meeting rooms at Henley are fitted with a large screen, networked PC, whiteboards and have free WiFi access and laptop connections. River House 1-14 are also fitted with Copycam, allowing users to capture whiteboard notes at the touch of a button. Digital recorders, video and stills cameras are also available on request. All are laid out boardroom style.


Henley Business School Bedroom

We have 100 rooms including some with disabled facilities. All rooms are en-suite & include a safe, trouser press, laptop connection with free Wi-Fi access, direct dial telephone, satellite TV with radio, Molton Brown toiletries, tea & coffee making facilities and a hair dryer. Photograph of Thames Court accommodation.

Full English breakfast is served in our main dining room, which overlooks the River Thames. Our dedicated staff maintain the facility 24 hours a day, seven days a week. All guest rooms receive daily housekeeping services.


Dining at Henley Business School Greenlands

When it comes to dining, we offer you choice, quality and flexibility. We understand that you also want facilities that are conducive to networking, and dining arrangements that integrate seamlessly with the other aspects of your day. Henley is renowned for both its excellent standards of service and the high quality of cuisine. The chefs and their professional staff are able to offer the sophistication of a memorable evening dinner in the spacious dining room, with its views over the lawns down to the Thames.

Fresh, varied breakfasts are prepared by award-winning chefs and served each morning in the beautiful, riverside restaurant - the Heyworth Room.


Several tea and coffee areas are situated throughout the buildings, the Garden Common Room is situated beside the Heyworth Room and is open throughout the day and evening offering a wide range of Fairtrade drinks and a selection of biscuits. The bar is open each evening serving a full range of drinks.

Henley Conference Centre and Hotel

Set in its own 30 acre estate in the beautiful Oxfordshire countryside, alongside the River Thames, this magnificent Grade II Listed Building offers excellent conference, meeting and event facilities and provides a spectacular setting for any gathering. For more information about booking our beautiful facilities please visit the Henley Conferences website.

History of Greenlands

Records indicate that there has been a house on our Greenlands site for 500 years, although the house would have originally been much closer to the river.

Greenlands has been home to a series of notable families and individuals throughout its lifetime. These include Thomas Chaucer, son of Geoffrey Chaucer; Robert D'Oyley, Sheriff of Oxfordshire in 1573; Bulstrode Whitelock, Oliver Cromwell's Ambassador to Sweden and most recently WH Smith, who bought the existing house in 1871. Queen Elizabeth I is also known to have visited on more than one occasion, most likely when staying at her royal palace in Reading.

The site became the home of a new Administrative Staff College in 1946, first welcoming students in 1948. In 1952, after the unexpected death of Viscount Hambleden from whom the College leased the site, an opportunity to purchase Greenlands' 30 acres arose. The College was renamed Henley Management College in 1991, and following the 2008 merger with the University of Reading became Henley Business School. Today, the world-ranked Henley MBA, The Henley DBA and our executive education programmes are delivered at Greenlands.

Offers & Discounts

Alumni discount

  • 10% reduction on the programme fee for Henley alumni
  • 10% reduction on the programme fee for members of The Henley Partnership

For more information please contact

Multiple bookings

When booking multiple open programmes which are paid for upfront, the following discount structure applies:

  • 2-4 people = 10% reduction
  • 5-9 people = 15% reduction
  • 10+ people = 20% reduction

A 50% discount is available to registered charities - please note that the discount is applied at Henley Business School's discretion and to confirm eligibility please contact

Please note: Only one discount can apply.

One-day HR Masterclasses do not qualify for this multiple bookings fee reduction.



The Henley Way

Helping you become exceptional is at the heart of everything we do. The Henley Way is highly practical, collaborative and academically rigorous. We develop confident leaders and professionals who are able to take a fresh perspective and have the energy, capability and resilience to ensure that they and their organisations are successful.


  • Engagement
  • Awareness
  • Alignment
  • Rigour & relevance
  • Trust

The Henley Way is much more than a set of principles. It is ingrained in our spirit and fundamental to our purpose and heritage, characterising the way we can help you to deliver exceptional performance.


We engage with you at the deepest level, fostering a shared spirit of curiosity, exploration, investigation and learning. We collaborate with you in order to challenge assumptions and mindsets, and get to the heart of the real business issues you face.


By creating a safe environment that promotes self-reflection, you are able to ask yourself those crucial questions that allow you to learn more about what informs your strategic business decisions and actions.


We work closely with you to diagnose your strategic individual and organisational aims. We then identify programmes that are best aligned to these goals, or we can co-evolve a learning design specifically aimed at achieving these strategic outcomes.


We draw on world-class research and originate leading-edge thinking – but theory remains theory unless it is applied to real-world business. All of our programmes are delivered by experienced faculty who integrate academic rigour with commercial application. What you learn translates into business results.


Our customers rely on our long history and global reputation for successful executive development. These strengths underlie our responsible and collaborative way of working with you to co-create the very best executive learning experiences and commercial outcomes.

At Henley we know we cannot just be exceptional – we are here to help you become exceptional.


Contact Image

Contact Us

If you have any questions, please contact our programme advisors, Hannah, Ruhi & Diana by email at or by phone on +44 (0)1491 418767.