The GDPR and is almost here and I frequently get consulted about the role and the impact of the Regulation on anti-corruption due diligence as this latter process is very likely to retrieve personal information.

In particular, very recently, I was asked if consent was required.

Making a long story short, no, it is not necessary.

Article 6 of the Regulation, besides consent, sets out other legal basis for processing:

  • legal obligation. We know that, in light of anti-corruption duties, making due diligence on agents, consultants or other third parties fall into this category.
  • To protect vital interests. Economic interests are amongst these  and we know that fines for violation of (foreign) bribery are quite important (without even mentioning the possible repetitional damages)

Therefore, it is imperative performing an appropriate due diligence which would enable to keep your organization safe, by acquiring the  information actually needed only.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s