In response to the OECD Working Group on Bribery’s (WGB) call for comments from stakeholders as part of its upcoming review of the 2009 OECD Anti-Bribery Recommendation, TRACE has submitted its overview of the significant challenges the new EU data protection legislation poses to corporate anti-bribery compliance programs.
Specifically, our submission describes in detail the ways in which the GDPR and other similar personal data protection laws create new significant liability risks for companies and add costly and time-consuming obligations when the companies carry out best-practice anti-bribery compliance processes.
Given that the GDPR is being considered by many countries as a model for implementing similar data protection laws in their jurisdictions, our submission calls on OECD members — most of which are member states of the EU and European Economic Area — to provide companies with detailed guidance on how the challenges posed by the GDPR to anti-bribery compliance programs may be resolved in practice.
We also suggest that the OECD should make a recommendation for member countries to subject their existing and pending personal data protection legislation to review and consultation by relevant government departments and other stakeholders regarding the impact of such legislation on anti-bribery compliance, incentivizing good corporate behavior, and on the countries’ international anti-bribery commitments.
Finally, countries should seek ways to harmonize their approaches to the equally important goals of fighting corruption and protecting personal data rights of individuals.… Continue Reading
We’re based in the United States, so how does the GDPR concern us?
GDPR’s Article 3(1) ties the GDPR’s territorial scope to being established in the EU, while Article 3(2)(a) extends the GDPR’s reach to those non-EU companies that offer products or services to individuals in the EU.… Continue Reading
It has been over three months since the EU General Data Protection Regulation (GDPR) went into effect. The sky hasn’t fallen, and we are still here.… Continue Reading
The General Data Protection Regulation (GDPR) came into effect in May. With the risk of hefty fines, it’s no surprise that GDPR compliance tops the agenda for many organizations.… Continue Reading
On May 24, I wrote a post for the FCPA Blog about TRACE’s concerns that Article 10 of the new EU General Data Protection Regulation (GDPR) presents an obstacle to anti-bribery due diligence of third parties, and how we have advocated for an EU-wide, or at least a national-level, solution.… Continue Reading
We at TRACE have written extensively about our concern that Article 10 of the new EU General Data Protection Regulation (GDPR) presents an obstacle to anti-bribery due diligence of third parties, which is a necessary component of any corporate compliance program under the FCPA and other transnational anti-corruption laws (here, here, here, and here).… Continue Reading
In less than two weeks the new General Data Protection Regulations (GDPR) will be in full force. Most companies subject to the GDPR have prioritized efforts to implement necessary internal safeguard measures, procedures and required contractual provisions.… Continue Reading