Will The EU Data Protection Rule Block Due Diligence?

The FCPA Blog | By: Robert Clark | November 13, 2017:

Companies minimize the risk of corruption by adequately vetting their prospective representatives ~ typically by reviewing information about the financial interests and relevant connections of the intermediaries’ owners and key personnel, and screening those individuals for reputational and criminal-history issues.

These routine inquiries will soon become considerably more difficult.

In May 2018, the European Union’s General Data Protection Regulation (GDPR) will go into effect, requiring affected companies to implement heightened safeguards in their collection, use, disclosure, and retention of information about individual persons.

The Regulation has a broad territorial reach, applying not only to companies based in the EU, but also to any company offering goods and services to EU residents or that uses personal data in connection with “the monitoring of [EU residents’] behavior as far as their behavior takes place within the Union.”

There is a troubling ambiguity in that phrase.

The purpose of due diligence is to anticipate potential illicit acts an intermediary may be in a position to commit. Identifying such risks requires accurate information about individuals’ connections and interests.

It is unclear whether such prior-history information is within the GDPR’s scope – whether “the monitoring of behavior” includes inquiries into a person’s past activities and associations.

If so, due diligence becomes much harder.

To read full article – please click here.