GDPR: Do You Need Consent to Perform Due Diligence?

The GDPR and is almost here and I frequently get consulted about the role and the impact of the Regulation on anti-corruption due diligence as this latter process is very likely to retrieve personal information.

In particular, very recently, I was asked if consent was required.

Making a long story short, no, it is not necessary.

Article 6 of the Regulation, besides consent, sets out other legal basis for processing:

  • legal obligation. We know that, in light of anti-corruption duties, making due diligence on agents, consultants or other third parties fall into this category.
  • To protect vital interests. Economic interests are amongst these  and we know that fines for violation of (foreign) bribery are quite important (without even mentioning the possible repetitional damages)

Therefore, it is imperative performing an appropriate due diligence which would enable to keep your organization safe, by acquiring the  information actually needed only.

This post is also available in: it fr es

Published by

Michele La Neve

White Collar Crime Attorney at Whitecotton Law Dedicated to Helping Clients Overcome Unforeseen Business Risks.

Leave a Reply