In response to the OECD Working Group on Bribery’s (WGB) call for comments from stakeholders as part of its upcoming review of the 2009 OECD Anti-Bribery Recommendation, TRACE has submitted its overview of the significant challenges the new EU data protection legislation poses to corporate anti-bribery compliance programs.
Specifically, our submission describes in detail the ways in which the GDPR and other similar personal data protection laws create new significant liability risks for companies and add costly and time-consuming obligations when the companies carry out best-practice anti-bribery compliance processes.
Given that the GDPR is being considered by many countries as a model for implementing similar data protection laws in their jurisdictions, our submission calls on OECD members — most of which are member states of the EU and European Economic Area — to provide companies with detailed guidance on how the challenges posed by the GDPR to anti-bribery compliance programs may be resolved in practice.
We also suggest that the OECD should make a recommendation for member countries to subject their existing and pending personal data protection legislation to review and consultation by relevant government departments and other stakeholders regarding the impact of such legislation on anti-bribery compliance, incentivizing good corporate behavior, and on the countries’ international anti-bribery commitments.
Finally, countries should seek ways to harmonize their approaches to the equally important goals of fighting corruption and protecting personal data rights of individuals.
The full text of TRACE’s submission to the WGB is here.
The WGB has extended the deadline for submissions until May 6, so you still have time to submit your comments as well.
Illya Antonenko, pictured above, is Data Protection Officer and Counsel for TRACE. He has advised clients as outside counsel, in-house and now at TRACE regarding cross-border transactions, general corporate issues and FCPA compliance matters and investigations for 17 years. He has leveraged his experience in international matters by developing expertise in the General Data Protection Regulation and other data protection laws.