GDPR fines - what this means for businesses
It's been a busy summer for the Information Commissioner's Office (ICO) which announced more than £283 million in fines in July alone.
The message is clear, the ICO intends to be a vigorous enforcer of both the GDPR and the Data Protection Act (DPA) 2018. Since GDPR came into force, 66 enforcement notices have been issued in the UK. While some of these will relate to breaches of the DPA 1998, the headline-grabbing fines issued to Marriott (£99m) and British Airways (£183m) show that the penalties for infringing the new legislation will be high.
The Information Commissioner, Elizabeth Denham, shows unequivocal support for the spirit of the new laws; organsiations entrusted with personal data must look after it. Those that don't will face the scrutiny of her office.
So what do the newly-issued notices tell us? Our blog looks at the procedural failures that led to these fines and highlights what companies of all sizes need to be doing to ensure that they have the necessary assurances in place to mitigate the risk of prosecution.
Preventing tax evasion
The grey area between tax avoidance and tax evasion can be difficult to navigate. Companies are increasingly expected to implement responsible tax practices, placing ethics ahead of compliance.
GoodCorporation's most recent business ethics debate asked what more companies could be doing to prevent tax evasion? Hosted by Lord Bilimoria, founder and chairman of the Cobra Beer Partnership, the discussion was introduced by Lisa Rosen, chief compliance officer at the European Bank for Reconstruction and Development (EBRD).
Lisa began with an assessment of how the EBRD evaluates tax practices, highlighting what it considers acceptable and unacceptable, in particular the use and acceptability of third jurisdictions for tax purposes. Attended by general counsel and heads of tax from leading UK companies, the debate explored the risks businesses face and the mitigating measures needed to ensure responsible tax practices are in place.
Growth in investigation work
GoodCorporation has seen a rise in its investigations and eDiscovery work over the last 12 months as more organisations carry out discreet investigations as part of their on-going governance and compliance efforts.
Using an electronic discovery system, we are able to carry out extensive document searches that produce carefully distilled information for our team members to analyse.
Forensic investigations such as these are often carried out when organisations face allegations of fraudulent or corrupt activity. They may also be deployed in response to whistleblowing concerns raised by staff or third parties.
Our work can be carried out on both fronts. Often, assessments are conducted under legal privilege for companies trying to verify allegations prior to considering whether or not to report or whether internal procedures are more appropriate. We anticipate further growth in this area as companies apply a more rigorous approach to ABC monitoring.
GoodCorporation is looking for a junior consultant to join our Paris office.
Candidates must be fluent in both French and English, educated to degree level with some relevant work experience and a demonstrable interest in business ethics.
The successful candidate will have the opportunity to travel as part of our assessment teams. They will also be trained in our methodology and have the opportunity to help grow the business. Full details are on our website.
Uber's decision last month to link executive pay to diversity targets was welcomed by GoodCorporation.
All too often companies publish statements about diversity but make no real efforts to ensure that staff live up to them.
Not only is this a real statement of intent, it also provides clear, measurable targets, suggesting that Uber is looking to go beyond words to address the toxic culture issues that came to the fore in 2017.
GoodCorporation's May debate in Paris asked whether legal compliance is sufficient to prevent corruption? Or do companies need to view regulatory compliance through an ethical lens?
For some, ethics and compliance are indivisible. A clear ethical code can support company values and drive the right behaviours, making it far easier to ensure compliance and good decision making. Others worried that being overly moralistic can put a break on enterprise.
This summer the UK government has announced two new initiatives aimed at protecting workers.
New legislation is being introduced to crack down on the misuse of Non-Disclosure Agreements (NDAs). The legislation is aimed at preventing NDAs being used to cover up criminal acts.
The government has also announced a consultation on sexual harassment in the workplace to see whether current laws provide the protection needed to ensure people feel protected.