Business continuity risk for FS sector as a result of major shake-up in data protection laws across the EU

The EU General Data Protection Regulation (GDPR) passed on Thursday, represents a huge threat to business continuity for all financial services organisations in the UK, according to Henley Business School.

The way in which financial services organisations collect, use, transfer and store personal data of millions of EU customers and clients must now comply with the GDPR or companies will face punitive fines of up to 4% of global turnover or €20m.

One of the key changes brought about by the GDPR is the way in which consent for processing personal data and special data, such as financial information of EU citizens or those within the EU, can be done lawfully.

For example, how the consent was obtained and how long it remains valid for must be recorded. And all communication with a customer or client must be age appropriate. Failure to observe these basic requirements could lead to corrective measures being imposed by the Supervisory Authority (Information Commissioner’s Office) and the Regulator (Financial Conduct Authority) alongside side financial penalties and in severe cases, cessation of all personal data processing.

“Financial services firms will now face a raft of guidance from the ICO that will be in alignment with these new data protection principles and this will effectively introduce the GDPR ‘through the back door’ well before the deadline of the two-year transition has expired”, warns Ardi Kolah, co-programme director at Henley.

In response to demands from the financial services sector, an online executive education programme has been launched by Henley to train the next generation of Data Protection Officers (DPO) required to be appointed under the GDPR.

“This new breed of senior manager – whether in-house or independent – will be responsible to the Board for ensuring compliance with the GDPR as well as implementing changes that reach into the deep tissue of an organisation where personal data is vital for creating growth and sustaining profitability,” adds Professor John Board, Dean, Henley Business School, part of the University of Reading.

EU GDPR programme at Henley Business School announced

Kolah says research carried out by GO DPO® shows that around 33,000 financial services companies will require a DPO among a raft of new obligations that make this EU Regulation a “game changer” in how organisations can continue to do business within the EU.

DPO Programme has been developed by a team of subject experts in legal, risk management, communication, HR and technology skills that have looked at the new EU Regulation through the lens of protecting business continuity.

The DPO Programme combines immersive online learning with face-to-face interaction at residential introductory and integration workshops that will be facilitated by a Supreme Court judge from Canada.

The DPO Programme can be completed in five months, provided those who register can achieve a minimum pass rate of 70% across all assessments.

The DPO Programme includes what a DPO can expect to tackle in the first 100 days in office, risk management, principles of GDPR, substantive differences between the new EU Regulation and Data Protection Act 1998 as well as new data and security obligations and processing and cloud computing and the impact of the GDPR on the Internet of Things.