Are you a Superhero?

Superman…-Saves-the-DayOne of the biggest changes in data protection and privacy to usher in the New Year with a bang is publication of the EU General Data Protection Regulation (GDPR) later this month. And it’s really important that all companies take the necessary steps to protect themselves from becoming liable for personal data breaches under this EU Regulation.

As reported extensively in this blog over the last 12 months, the GDPR will force all organisations to re-wire their thinking as well as their data protection policies and procedures for handling personal data under a fundamental change in European law.

Experience to date shows that effective training is the first line of defence and by far the best way to mitigate against the risks of being landed with a massive fine – which can be as high as €20m or 4% of global turnover.

In fact, training is mandatory under the GDPR and the 24-month transition period that will soon follow after publication of the GDPR will be a critical opportunity to get things right before it’s too late.

There’s now an imminent legal requirement under European law that any person appointed as a DPO must be up-to-date with all the changes brought about by the GDPR.

At Henley Business School we’ve developed a benchmark DPO Programme for this new breed of senior manager, leading to the DPO Certificate.

Article 35 – Article 37, Article 53 and Article 79, GDPR spells out in some detail the duties and responsibilities as well as the position of the DPO in the organisation.

We’ve broken this down into eight skill sets, mapped against career experiences that post-holders will be expected to have on their CV as well as behaviours they’ll need to demonstrate in order to be considered for the job that will report into the CEO.

If you’d like to get hold of a copy of our skills matrix for the DPO, contact me at

Leave a reply