In our March edition of Risk and Compliance highlights includes: GDPR & data protection; anti-bribery & corruption; AML & CTF; sanctions & export controls; information management & security; a selection of other news and updates; and all the latest new and updated content.
The European Data Protection Supervisor (EDPS) has issued its opinion on the opening of negotiations for a new partnership between the EU and the UK. The EDPS recommends that the envisaged partnership ensures security and economic partnerships are underpinned by adequate protection of personal data, defines priorities for institutional co-operation and assesses onward transfers of personal data. See: .
UK data protection rules could be tweaked after Brexit if the government sees benefits and there is no impact on a data-transfer deal with the EU. See: and News Analysis: .
GDPR
The European Data Protection Board (EDPB) has addressed various topics related to the General Data Protection Regulation, ​ (GDPR), during its eighteenth plenary session held on 18 and 19 February 2020. It has qualified the implementation of the GDPR in the last 20 months as successful. Despite lingering concerns such as the harmonisation of national procedures, the EDPB concluded that it was premature to conduct a revision of the GDPR. See: .
Article 97 of the GDPR​ requires that by 25 May 2020 (and every four years thereafter), the European Commission submits a public evaluation and review of the GDPR to the European Parliament and to the Council. The EDPB has published its contribution to this evaluation of the GDPR. See: .
Europe’s formidable new data protection laws have created challenges for companies facing demands for employee communications as part of fraud investigations, leaving lawyers to balance the risk of privacy fines against the potential ire of government enforcers. See News Analysis: .
The Data Protection Intelligence Group has begun work on a guide to the negotiation of data protection provisions in commercial agreements between controllers and processors. See News Analysis: .
After a big drop in the number of investigations opened last year, the SFO will need some big wins like the recent Airbus settlement to convince doubters that it is doing enough to fight corruption and fraud. The plunge in new casework doesn't make for good reading for an agency that has been criticised by campaigners and lawyers for its failure to grasp the financial-crime nettle. See News Analysis: .
In a letter addressed to SFO Director Lisa Osofsky, civil society groups Transparency International UK and Spotlight on Corruption have urged the SFO to toughen its stance on corporate criminality, by demanding the UK’s DPA regime be consolidated. The organisations have urged for greater consistency and fairness in how DPAs are applied, particularly with regard to reducing the gap between companies’ self-reporting and cooperation. See: .
Prosecutors received a boost in their fight against corruption after the first use of new powers to target suspected criminal assets survived a concerted legal challenge. See News Analysis: .
DPAs
Southwark Crown Court has approved a deferred prosecution agreement (DPA) requiring Airbus SE to pay a total financial sanction of €983,974,311 to the SFO after it was charged with five counts under of the Bribery Act 2010 () of failing to prevent persons associated with it from bribing third parties in order to secure the purchase of its aircraft. Pam Shearing, solicitor and director at Fulcrum Chambers Ltd, Farheen Ishtiaq, solicitor, and Emily Lewis, solicitor, examine the judgment and the DPA. See News Analysis: .
The €3.6bn (US $4bn) penalty Airbus SE paid to three global enforcers after admitting to a string of bribery and corruption offences is not only one of the largest ever corporate fines for bribery, it represents a milestone for international anti-corruption cooperation. See News Analysis: .
The Law Society has responded to the Fifth Money Laundering Directive (5MLD) and Trust Registration Service Technical consultation. In its response, the Law Society declared that it is concerned that current proposals would require ‘enormous numbers of low risk trusts to be registered’. It has therefore urged the government to ‘transpose the Directive in a way which proportionate to the UK context, where trusts arise in many different types of ordinary arrangements’. The new proposals are to come into effect 10 March 2020. See: .
Global anti-money laundering watchdog, the Financial Action Task Force (FATF), told countries on Friday 21 February 2020 to protect their financial systems from dealing with Iran, as it blacklisted the country for failing to improve its safeguards against terrorist financing. See News Analysis: .
Sanctions & export controlsEU sanctions
The government has published guidance on the UK sanctions regime under the . This guidance confirms that EU sanctions will continue to apply in the UK until 11pm on 31 December 2020. See: .
MLex: Deutsche Telekom, Orange, Vodafone and other telecoms and Internet platforms will face a revised, slimmed-down draft of EU rules in the coming weeks aimed at protecting privacy and security over communication networks, MLex understands. See News Analysis: .
MLex: National data-protection authorities will discuss revised guidelines next month on how to enforce EU rules that require websites to ask users for consent for cookies that are used to track web activity, after several authorities adopted conflicting approaches, said an official at a group of data privacy enforcers. See News Analysis: .
The National Cyber Security Centre has issued guidance to help private and public sector organisations deal with the effects of malware (which includes ransomware). It recommends steps to take before a malware infection has occurred and also suggests steps to take if the organisation is already infected. See: .
* denotes a required field
0330 161 1234