Business continuity risk for organisations as a result of major shake-up in data protection laws across the EU

15 April 2016

Business continuity risk for organisations as a result of major shake-up in data protection laws across the EU

The EU General Data Protection Regulation (GDPR) passed today, represents a huge threat to business continuity for all organisations in the UK, according to Henley Business School.

The EU General Data Protection Regulation (GDPR) passed today, represents a huge threat to business continuity for all organisations in the UK, according to Henley Business School.

The way in which organisations collect, use, transfer and store personal data of millions of EU customers and clients must now comply with the GDPR or companies will face punitive fines of up to 4% of global turnover or €20m.

One of the key changes brought about by the GDPR is the way in which consent for processing personal data and special data, such as financial information of EU citizens or those within the EU, can be done lawfully.

For example, how the consent was obtained and how long it remains valid for must be recorded. And all communication with a customer or client must be age appropriate. Failure to observe these basic requirements could lead to corrective measures being imposed by the Supervisory Authority (Information Commissioner’s Office) and the Regulator (Financial Conduct Authority) alongside side financial penalties and in severe cases, cessation of all personal data processing.

Ardi Kolah, co-programme director at Henley, warns:

"Firms will now face a raft of guidance from the ICO that will be in alignment with these new data protection principles and this will effectively introduce the GDPR 'through the back door' well before the deadline of the two-year transition has expired."

In response to demands, an online executive education programme has been launched by Henley to train the next generation of Data Protection Officers (DPO) required to be appointed under the GDPR.

Professor John Board, Dean of Henley Business School, adds:

"This new breed of senior manager - whether in-house or independent - will be responsible to the Board for ensuring compliance with the GDPR as well as implementing changes that reach into the deep tissue of an organisation where personal data is vital for creating growth and sustaining profitability."

Kolah says research carried out by GO DPO® shows that in the financial sector alone, around 33,000 companies will require a DPO among a raft of new obligations that make this EU Regulation a "game changer" in how organisations can continue to do business within the EU.

DPO Programme has been developed by a team of subject experts in legal, risk management, communication, HR and technology skills that have looked at the new EU Regulation through the lens of protecting business continuity.

The DPO Programme combines immersive online learning with face-to-face interaction at residential introductory and integration workshops that will be facilitated by a Supreme Court judge from Canada.

The DPO Programme can be completed in five months, provided those who register can achieve a minimum pass rate of 70% across all assessments.

The DPO Programme includes what a DPO can expect to tackle in the first 100 days in office, risk management, principles of GDPR, substantive differences between the new EU Regulation and Data Protection Act 1998 as well as new data and security obligations and processing and cloud computing and the impact of the GDPR on the Internet of Things.

Contact Image

Contact Us

For more information please contact Marketing and Communications by email at marketing@henley.ac.uk .