The EU General Data Protection Regulation (GDPR), due to be introduced by EU member states by May 2018, represents a huge threat to business continuity, warns Henley Business School.
The way in which organisations collect, use, transfer and store the personal data of millions of EU customers and clients must comply with the GDPR or companies will face punitive fines of up to 4% of global turnover or €20m.
One of the key changes brought about by the GDPR is the need for organisations to record how they obtained consent for processing the personal data and financial information of EU citizens and for how long that consent remains valid.
In addition, all communication with a customer or client must be age appropriate.
Ardi Kolah, co-programme director of Henley Business School, warns that failure to observe these basic requirements could lead to corrective measures being imposed by the Supervisory Authority (Information Commissioner’s Office) and the Regulator (Financial Conduct Authority), in addition to financial penalties and, in the worst cases, cessation of all personal data processing.
He said: “Firms will now face a raft of guidance from the ICO that will be in alignment with these new data protection principles and this will effectively introduce the GDPR ‘through the back door’ well before the deadline of the two-year transition has expired.”
In preparation for the changes, Henley Business School has launched an online executive education programme to train the next generation of Data Protection Officers (DPO) required to be appointed under the GDPR.
The five-month DPO Programme combines online learning with face-to-face interaction at residential introductory and integration workshops.