Companies' GDPR strictures clash with corruption-screening duties, OECD bribery watchdog says
21 May 2018. By Ben Lucas and Martin Coyle
Companies risk being torn between compliance with strict new EU data-privacy rules and upholding their duty to screen out corruption risks, fears Drago Kos, the head of the OECD's global bribery watchdog.
The EU’s General Data Protection Regulation, or GDPR, seeks to strengthen the privacy rights of EU citizens.
Coming into force this Friday, the legislation provides for national data regulators across the bloc to fine companies up to 4 percent of their annual global turnover or 20 million euros ($24 million) for serious infringements.
But some have raised concerns that the GDPR cuts across companies’ existing responsibilities to investigate and conduct checks for bribery and corruption risks.
Among them is Drago Kos, the head of the Organization for Economic Cooperation and Development's Working Group on Bribery. He told MLex that he was “concerned” that confusion remains over how to be compliant with both spheres of regulation.
Under US and UK anticorruption legislation, for example, companies must demonstrate they took reasonable steps to screen employees and agents who are later accused of bribery and corruption, if they wish to avoid prosecution, or receive a reduced penalty.
Such due-diligence checks could include requests for personal data, such as previous criminal convictions, which are to be more tightly regulated under the GDPR.
“I've met some of the data-protection specialists and each of them has a different opinion on how to implement the GDPR,” Kos told MLex. “I can easily imagine that confusion with the non-specialists is even bigger, and this will have consequences in many areas.”
“Either mistakes will be made, or responsible individuals or services will be too careful and they will not fulfil their basic tasks. For sure, areas such as compliance or anti-corruption will be hit, too. Hopefully, confusion will not last too long,” he said.