Ethical hotlines and whistleblowing ensuring businesses are not in conflict with local laws

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Ethical hotlines and whistleblowing ensuring businesses are not in conflict with local laws"

Transcription

1 Ethical hotlines and whistleblowing ensuring businesses are not in conflict with local laws 16 January 2014 Robert Bond, CCEP Partner and Notary Public

2 Our Team Speechly Bircham is an ambitious, full-service law firm headquartered in London. We work with business and private clients across the UK and internationally and focus on the financial services, private wealth, technology, real estate and construction sectors We have offices in Paris, Luxembourg, Zurich and Geneva and a network of preferred law firms in most jurisdictions Our Data Protection & Information Law team provide a range of legal and consultancy on data privacy assessments, compliance, risk management, information security and data breaches We are listed in Chambers 2014 and Legal 500 as a leading law firm for Data Protection and have advised on this area of law since 1983 What I liked was the fact that the team was very willing for us to see it as an extension of our existing inhouse team. I like the way it integrated members sat alongside and guided us. That was what impressed. Robert Bond and his team have always provided comprehensive, practical advice on a timely basis. Their knowledge of the EU regulatory scene, including experience with specific agencies, as well as privacy issues globally has been instrumental in establishing our privacy policies and procedures. 2

3 Robert Bond A Solicitor, Notary and Certified Compliance & Ethics Professional, Robert has specialised in data protection since 1983 and is listed in the top 20 Best Privacy Advisers in a survey published in Computer World. In 2012 Robert was appointed an Ambassador for Privacy by Design by Commissioner Ann Cavoukian of Ontario. a brilliant lecturer, a meticulous lawyer and responsive if you contact him, you know he ll get back to you within the hour Chambers, 2008 He has advised many multinationals on transborder data flows and global data protection compliance since 1997, co-authored the ICC BCR Report in 2006, the ICC Guidelines on Basel II and Data Protection in 2007 and the ICC UK Cookies Guide in Robert is the author of many books, including Negotiating International Software Licenses and Data Transfer Agreements (Sweet & Maxwell) and Negotiating Software Contracts (Bloomsbury). Robert is a Companion of the British Computer Society, a Fellow of the Society of Advanced Legal Study, an Honorary Member of the Institute of Export and in 1994 was a researcher in Information Security and Data Protection at the University of Leicester. Robert is listed in Legal Experts 2013 and The Who s Who of International Internet & E-Commerce Lawyers. Robert is listed as Notable Practitioner for Data Protection in Chambers UK 2014 to 2010 describing him as an esteemed figure in the field. He has an impressive reputation for his work on cross-border data compliance and cutting-edge IT data privacy issues within the digital, online and social media spheres. Sources say: He continues to impress year on year. His spark of imagination and ability to grasp the technology are amazing. "He is up for anything and incredibly knowledgeable," report clients. "Everyone gravitates towards him. A very good communicator and very generous with his time. 3

4 Topics SOX 301(4) and EU Laws 2004 to today Anti-Bribery laws and data protection compliance Compliance requirements The cost of non-compliance

5 Sarbanes Oxley Act requirements SOX mandatory Code of Ethics A confidential, anonymous reporting mechanism SOX Section 301(4) states that "Each audit committee shall establish procedures for the receipt, retention and treatment of complaints received by the issuer regarding accounting, internal accounting controls or auditing matters; and the confidential anonymous submission by employees of the issuer of concerns regarding questionable accounting or auditing matters.

6 E.U. data protection principles an individual has a right to know what data is being processed about them; personal data has to be processed fairly and lawfully and with consent; personal data must be kept for no longer than is necessary and must be kept accurate and up to date; personal data must be, at all times, kept secure and where processed by a third party be managed securely; and personal data should not be transferred outside the European Economic Area to any other country that does not have adequate protection for the rights of the individual.

7 Conflict between SOX and EU Data Protection Laws EU member states data protection laws E.U. data protection authorities - All interpret the law differently CNIL Decision of 26 May 2005 (Group McDonald s France) CNIL Decision of 26 May 2005 (CEAC/Exide Technologies) The 5th Division of the Wuppertal Labour Court on 15 June 2005 (Wal-Mart Decision) Appeal dismissed too

8 CNIL reasons for their decision Anonymity Whistleblowing on too wide basis Information shared too widely Unfair collection of personal data Accused not immediately notified Rather long retention of data Lack of proportionality Fundamental data protection concerns

9 Compliance circle Roll out/training Policy Hotline vendor control Works Council Reporting restrictions Local laws Registration 9

10 UK Bribery Act and EU Data Protection Bribery is to dishonestly persuade (someone) to act in one s favour by a gift of money or other inducement The Act came into force on 1 st July 2011 and applies to those who give or receive a bribe in relation to a business in the UK Advice from the UK Government is that businesses should put in place antibribery policies and procedures including training to all officers and staff and any agents and suppliers Businesses that then implement reporting mechanisms such as ethical hotlines need to be aware of EU restrictions on such hotlines

11 Where do we find what is required by EU? CNIL, Art. 29 Working Party issued guidelines Allows anonymous reporting under certain conditions SEC and CNIL letters CNIL Guidelines, FAQ s CNIL on-line authorization Decision and forms Other member states have guidance (Spain, Germany, Austria) Local advice

12 French law amended for hotlines The CNIL Unique Authorisation no. 4 (authorisation unique no.4) deals with whistleblowing hotlines This authorisation only deals with whistleblowing relating to reports with regard to serious breaches in the accounting, financial, and banking sectors as well as anti-bribery The CNIL adopted a new deliberation in October 2010 modifying its AU-004. The aim was to avoid the confusion previously created by its art. 3 which included facts damaging the vital interests of the undertaking or to the physical or moral integrity of its employees The companies benefitting from an AU-004 for whistleblowing hotlines not strictly confined to the new text of the authorisation have a six-month deadline to ensure they comply with AU-004. There is no need to submit a new authorisation request

13 Differing stances of EU member States Compulsion Scope limitation Notification requirements Permission to transfer personal data outside the EEA Anonymity Specific requirements of local regulators Labor law requirements

14 Sweden - Notification (may impose limitations) - Data Protection applies - Limited to senior executives - Regulatory body: Datainspektionen - Published guidelines: guidance is limited to the following: - the system must be a complement to the company s normal internal administration and must be voluntary to use - the system must be limited to serious irregularities concerning accounting, internal accounting control, auditing, the fight against bribery and banking and financial crimes. The system may also be used for other serious irregularities concerning the company s vital interests or the life and health of individuals - only key personnel may be reported

15 Anonymity Spain regulatory body: Agencia de Protection de Datos - published guidelines: - Portugal regulatory body: - published guidelines: pdf Finland published guidelines: Whistleblowing System in Working Life regulatory body: Data Protection Ombudsman

16 Poland Difficulty faced by GIODO because of fair processing requirements of Polish Personal Data Protection Act PDP also requires specific documents for compliance whether or not there is a whistleblower hotline

17 Hungarian whistleblower guidance The Guidelines follow the Article 29 Guidelines..but Reports must be limited to grave violations of company policies The system must not be used to control work performance Reports cannot be made by staff directly to the parent company They must be reported to the local company The local company must manage the system and any contract with the service provider An employee that transfers personal data direct to the parent company may be liable to criminal and civil actions

18 Bulgaria Decision of the Data Protection Authority on a whistleblowing hotline Approved the use of a third party provider in the US Scheme included sensitive personal data The opinion was positive because the processing operation: - Has the necessary safeguards to protect the data - Allows for employees rights - The transfer is made to a Safe Harbor certified processor 18

19 Ethical hotlines: How do you achieve compliance? One size does not fit all ethical hotlines must be tailored to meet local requirements Reconfigure procedures Narrow scope of reports Remember country by country specifics Anonymity should be a last resort Retention periods should be observed Third party vendors need to be contractually controlled and guided

20 Potential Fines

21 Potential Imprisonment

22 Recent enforcement for breaches

23 EU General Data Protection Regulation - Data transfers Simplifying legitimising conditions - Binding Corporate Rules - European Data Protection Seal - Model clauses 23

24 THE COST OF NON-COMPLIANCE Other costs Reputational damage and loss of public trust Share price, turnover, profits Legal advice to prevent future loss Forensic examination Technological Compensation and responding to those affected Greater marketing push to improve public image Business disruption => Prevention is easier (and cheaper) than cure EU General Data Protection Regulation Fines of up to 100 million or 5% of annual worldwide turnover (whichever is greater) Notification without undue delay (72 hour notification period) 24

25 FURTHER INFORMATION For more information please contact: Robert Bond +44 (0)

Ethical hotlines and whistleblowing ensuring businesses are not in conflict. with EU laws 10 May 2012. James Castro-Edwards, solicitor.

Ethical hotlines and whistleblowing ensuring businesses are not in conflict. with EU laws 10 May 2012. James Castro-Edwards, solicitor. James Castro-Edwards, solicitor and Alexia Zuber, solicitor Data Protection & Information Law Group Ethical hotlines and whistleblowing ensuring businesses are not in conflict with EU laws 10 May 2012

More information

HOW TO HANDLE A WHISTLEBLOWER REPORT IN THE EU

HOW TO HANDLE A WHISTLEBLOWER REPORT IN THE EU HOW TO HANDLE A WHISTLEBLOWER REPORT IN THE EU 10 April 2014 Monica Salgado Advogada registered with the Portuguese Ordem dos Advogados Registered European Lawyer with the SRA Kirsti Laird Solicitor, (qualified

More information

BIG DATA AND THE INTERNET OF THINGS

BIG DATA AND THE INTERNET OF THINGS BIG DATA AND THE INTERNET OF THINGS 12 September 2013 Robert Bond Partner and Notary Public Janine Regan Solicitor Tughan Thuraisingam Paralegal Our team Speechly Bircham is an ambitious, full-service

More information

The Art of Constructing Global Whistleblowing Programmes

The Art of Constructing Global Whistleblowing Programmes The Art of Constructing Global Whistleblowing Programmes Mark E. Schreiber Chair, Privacy & Data Protection Group Steering Committee Edwards Wildman Palmer LLP 111 Huntington Avenue Boston, MA 02199 617-239-0585

More information

Data Protection and Information Security: The top 5 risks for 2013 1 November 2012

Data Protection and Information Security: The top 5 risks for 2013 1 November 2012 Robert Bond Head of Data Protection & Information Law Group Data Protection and Information Security: The top 5 risks for 2013 1 November 2012 Our team Speechly Bircham is an ambitious, full-service law

More information

OUTSOURCING, HOSTING AND DATA PRIVACY ISSUES

OUTSOURCING, HOSTING AND DATA PRIVACY ISSUES OUTSOURCING, HOSTING AND DATA PRIVACY ISSUES 4 April 2013 James Castro-Edwards Solicitor Monica Salgado Advogada / Portuguese Lawyer OUR TEAM Speechly Bircham is an ambitious, full-service law firm with

More information

Data Protection & Cyber Security Law Update 1 st October 2015

Data Protection & Cyber Security Law Update 1 st October 2015 Data Protection & Cyber Security Law Update 1 st October 2015 Robert Bond, Partner Janine Regan, Associate Viktoria Protokova, Data Protection Executive charlesrussellspeechlys.com Brief introduction to

More information

E-Discovery and EU Data Protection laws

E-Discovery and EU Data Protection laws Robert Bond robert.bond@speechlys.com Alexander Carter-Silk alexander.carter-silk@speechlys.com IP, Technology & Data Group E-Discovery and EU Data Protection laws Alex Carter-Silk, Partner, IP, Technology

More information

ICC Guidelines on Whistleblowing

ICC Guidelines on Whistleblowing ICC Guidelines on Whistleblowing Prepared by the ICC Commission on Anti-Corruption A. Introduction 1. No abatement of corruption and economic fraud Fraud remains one of the most problematic issues for

More information

Presentation by: Dr. Nathalie Moreno Partner. Cloud Computing and Data Protection: an Update 4 October 2012

Presentation by: Dr. Nathalie Moreno Partner. Cloud Computing and Data Protection: an Update 4 October 2012 Presentation by: Dr. Nathalie Moreno Partner Cloud Computing and Data Protection: an Update 4 October 2012 Our team Speechly Bircham is an ambitious, international mid-size fullservice law firm head-quartered

More information

Information Management Compliance and Data protection.

Information Management Compliance and Data protection. Information Management Compliance and Data protection. Technology, Media & Telecommunications Information is the life blood of every business. Yet how you use that information is increasingly regulated.

More information

Data and Cyber Laws Up-date 9 July 2015

Data and Cyber Laws Up-date 9 July 2015 Data and Cyber Laws Up-date 9 July 2015 Janine Regan Alexia Zuber Viktoria Protokova Simon Holdsworth charlesrussellspeechlys.com Topics Updates on the key aspects of, and commentary on, the proposed GDPR

More information

Whistleblowing Good Corporate Governance. IAPP Europe, Data Protection Congress November 2012, Brussels

Whistleblowing Good Corporate Governance. IAPP Europe, Data Protection Congress November 2012, Brussels Whistleblowing Good Corporate Governance IAPP Europe, Data Protection Congress 2012 14 November 2012, Brussels Aspects of "Whistleblowing" Protection Reporting Non-compliance with law, rules, standards

More information

Linde Integrity Line. Process and Data Protection Policy. 1 July 2007

Linde Integrity Line. Process and Data Protection Policy. 1 July 2007 Linde Integrity Line Process and Data Protection Policy 1 July 2007 Page 2 of 10 Table of Contents Preamble 3 1 Scope of application 3 2 Definitions 3 3 Submitting Reports Regular Channels 3 4 Submitting

More information

EU Data Protection Directive and U.S. Safe Harbor Framework: An Employer Update. By Stephen H. LaCount, Esq.

EU Data Protection Directive and U.S. Safe Harbor Framework: An Employer Update. By Stephen H. LaCount, Esq. EU Data Protection Directive and U.S. Safe Harbor Framework: An Employer Update By Stephen H. LaCount, Esq. Overview The European Union Data Protection Directive 95/46/EC ( Directive ) went effective in

More information

PARIS - LONDRES. Commission. Mardi 23 octobre 2012 Tuesday 23 October 2012

PARIS - LONDRES. Commission. Mardi 23 octobre 2012 Tuesday 23 October 2012 Commission PARIS - LONDRES Responsable : alain-christian monkam Mardi 23 octobre 2012 Tuesday 23 October 2012 Droit de la protection des données - approche comparée en droit français et en droit anglais

More information

Implementing and monitoring effective compliance policies & procedures. charlesrussellspeechlys.com

Implementing and monitoring effective compliance policies & procedures. charlesrussellspeechlys.com Implementing and monitoring effective compliance policies & procedures charlesrussellspeechlys.com Robert Bond Partner Robert Bond has over 36 years' experience in advising national and international clients

More information

technical factsheet 176

technical factsheet 176 technical factsheet 176 Data Protection CONTENTS 1. Introduction 1 2. Register with the Information Commissioner s Office 1 3. Period protection rights and duties remain effective 2 4. The data protection

More information

Personal information, for purposes of this Policy, includes any information which relates to an identified or an identifiable person.

Personal information, for purposes of this Policy, includes any information which relates to an identified or an identifiable person. PART I: INTRODUCTION AND BACKGROUND Purpose This Data Protection Binding Corporate Rules Policy ( Policy ) establishes the approach of Fluor to compliance with European data protection law and specifically

More information

Cloud computing and personal data protection. Gwendal LE GRAND Director of technology and innovation CNIL

Cloud computing and personal data protection. Gwendal LE GRAND Director of technology and innovation CNIL Cloud computing and personal data protection Gwendal LE GRAND Director of technology and innovation CNIL 1 Data protection in Europe Directive 95/46/EC Loi 78-17 du 6 janvier 1978 amended in 2004 (France)

More information

FIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS

FIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS FIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS As a world leader in electronic commerce and payment services, First Data Corporation and its subsidiaries ( First Data entity or entities ),

More information

MATTHEWS INTERNATIONAL CORPORATION

MATTHEWS INTERNATIONAL CORPORATION MATTHEWS INTERNATIONAL CORPORATION U.S. FOREIGN CORRUPT PRACTICES ACT COMPLIANCE POLICY INTRODUCTION Principles Underlying the United States Foreign Corrupt Practices Act ( FCPA ). The FCPA s Anti-Bribery

More information

Big Data for Mutuals. Marc Dautlich 25 November 2013

Big Data for Mutuals. Marc Dautlich 25 November 2013 Big Data for Mutuals Marc Dautlich 25 November 2013 Agenda BIG DATA What is it? OPPORTUNITIES What are they? LEGAL CHALLENGES How do we overcome them? LEGAL REFORM What can we do now to minimise impact?

More information

Standards of. Conduct. Important Phone Number for Reporting Violations

Standards of. Conduct. Important Phone Number for Reporting Violations Standards of Conduct It is the policy of Security Health Plan that all its business be conducted honestly, ethically, and with integrity. Security Health Plan s relationships with members, hospitals, clinics,

More information

The HR Skinny: Effectively managing international employee data flows

The HR Skinny: Effectively managing international employee data flows The HR Skinny: Effectively managing international employee data flows Topics we will cover today Laws affecting HR data flows HR international data protection challenges and strategic solutions Case study

More information

EU Data Protection and Information Security for Banking & Financial Service sectors 4 th December 2014

EU Data Protection and Information Security for Banking & Financial Service sectors 4 th December 2014 EU Data Protection and Information Security for Banking & Financial Service sectors 4 th December 2014 Janine Regan, Associate George Willis, Associate charlesrussellspeechlys.com Janine Regan Associate

More information

FRANCE. Chapter XX OVERVIEW

FRANCE. Chapter XX OVERVIEW Chapter XX FRANCE Merav Griguer 1 I OVERVIEW France has an omnibus privacy, data protection and cybersecurity framework law. As a member of the European Union, France has implemented the EU Data Protection

More information

Processor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries

Processor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries Processor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries Sopra HR Software as a Data Processor Sopra HR Software, 2014 / Ref. : 20141120-101114-m 1/32 1.

More information

Corporate Anti-Bribery Policy

Corporate Anti-Bribery Policy Corporate Anti-Bribery Policy 1 Anti-Bribery Policy statement Bribery is both a criminal offence and bad business. Not only can individuals be guilty of an offence but a company can be prosecuted if it

More information

Complying with the U.S. Foreign Corrupt Practices Act

Complying with the U.S. Foreign Corrupt Practices Act Complying with the U.S. Foreign Corrupt Practices Act 1. About This Manual This Manual describes the Foreign Corrupt Practices Act ( FCPA ), 15 U.S.C. 78m, 78dd, 78ff (collectively, FCPA ), anti-corruption

More information

INTERNATIONAL SOS. Data Protection Policy. Version 1.05

INTERNATIONAL SOS. Data Protection Policy. Version 1.05 INTERNATIONAL SOS Data Protection Policy Document Owner: LCIS Division Document Manager: Group General Counsel Effective: December 2008 Revised: 2015 All copyright in these materials are reserved to AEA

More information

UIBL TOBA. United Insurance Brokers Ltd. Terms of Business Agreement

UIBL TOBA. United Insurance Brokers Ltd. Terms of Business Agreement TOBA United Insurance Brokers Ltd Terms of Business Agreement 1. Introduction and business service United Insurance Brokers Ltd () is an independent international insurance and reinsurance (1) Lloyd s

More information

DRAFT. Anti-Bribery and Anti-Corruption Policy. Introduction. Scope. 1. Definitions

DRAFT. Anti-Bribery and Anti-Corruption Policy. Introduction. Scope. 1. Definitions DRAFT Change History: Anti-Bribery and Anti-Corruption Policy Control Risks Group Ltd Commercial in confidence Introduction This document defines Control Risks policy on the avoidance of bribery and corruption.

More information

Data protection issues on an EU outsourcing

Data protection issues on an EU outsourcing Data protection issues on an EU outsourcing Saam Golshani, Alastair Gorrie and Diego Rigatti, Orrick Herrington & Sutcliffe www.practicallaw.com/8-380-8496 Outsourcing can mean subcontracting a process

More information

AIRBUS GROUP BINDING CORPORATE RULES

AIRBUS GROUP BINDING CORPORATE RULES 1 AIRBUS GROUP BINDING CORPORATE RULES 2 Introduction The Binding Corporate Rules (hereinafter BCRs ) of the Airbus Group finalize the Airbus Group s provisions on the protection of Personal Data. These

More information

The potential legal consequences of a personal data breach

The potential legal consequences of a personal data breach The potential legal consequences of a personal data breach Tue Goldschmieding, Partner 16 April 2015 The potential legal consequences of a personal data breach 15 April 2015 Contents 1. Definitions 2.

More information

20/09/2013. Global Privacy and Data Protection: Practical Risk Assessment and Governance. Topics. Case Study Stage 1

20/09/2013. Global Privacy and Data Protection: Practical Risk Assessment and Governance. Topics. Case Study Stage 1 Global Privacy and Data Protection: Practical Risk Assessment and Governance 9 October 2013 Robert Bond, BA, CCEP, HonMIEx Head of Data Protection and Info Security, Speechly Bircham Marti Arvin, CHC-F,

More information

EAGLE PARENT, INC EPICOR SOFTWARE CORPORATION ACTIVANT SOLUTIONS, INC. UK ANTI-BRIBERY AND CORRUPTION POLICY. (As Adopted July 2011)

EAGLE PARENT, INC EPICOR SOFTWARE CORPORATION ACTIVANT SOLUTIONS, INC. UK ANTI-BRIBERY AND CORRUPTION POLICY. (As Adopted July 2011) EAGLE PARENT, INC EPICOR SOFTWARE CORPORATION ACTIVANT SOLUTIONS, INC. UK ANTI-BRIBERY AND CORRUPTION POLICY (As Adopted July 2011) Introduction This UK Anti-Bribery and Corruption Policy ( Policy ) is

More information

Claims Management Services Regulation. Conduct of Authorised Persons Rules 2014

Claims Management Services Regulation. Conduct of Authorised Persons Rules 2014 Claims Management Services Regulation Conduct of Authorised Persons Rules 2014 Effective from 1 October 2014 Contents Introduction 1 Definitions 1 General Rules Principles 2 Conduct of Business 2 Professional

More information

Standard conditions of purchase

Standard conditions of purchase Standard conditions of purchase 1 OFFER AND ACCEPTANCE 2 PROPERTY, RISK & DELIVERY 3 PRICES & RATES The Supplier shall provide all Goods and Services in accordance with the terms and conditions set out

More information

Business Ethics Policy

Business Ethics Policy Business Ethics Policy Page 1 of 12 Preface and document control This document is intended to provide information in respect of G4S Group Head Office policy, procedure, standards or guidance and will be

More information

3.6. Please also note, unless your policy confirms otherwise, the rights under your policy may only be pursued in an English court.

3.6. Please also note, unless your policy confirms otherwise, the rights under your policy may only be pursued in an English court. Terms of business agreement - commercial customers M & N Insurance Service Limited Authorised and regulated by the Financial Conduct Authority No: 305837. Registered Office: 248 Hendon Way London NW4 3NL

More information

Claims Management Services Regulation. Conduct of Authorised Persons Rules 2013 (2)

Claims Management Services Regulation. Conduct of Authorised Persons Rules 2013 (2) Claims Management Services Regulation Conduct of Authorised Persons Rules 2013 (2) Effective from 8 July 2013 Contents Introduction 1 Definitions 1 General Rules Principles 2 Conduct of Business 2 Professional

More information

a. employees Company; or

a. employees Company; or Code of Busines ss Conduct and Ethics 1. Introduction a. This Code of Business Conduct and Ethics (the Code ) applies to all directors, officers, employees and third parties employed or directly engaged

More information

CODE OF CONDUCT Ethical rules and guidelines

CODE OF CONDUCT Ethical rules and guidelines CODE OF CONDUCT Ethical rules and guidelines CONTENT Introduction... 3 Our customers... 5 Employees... 7 The world around us... 9 Communication & dialog... 11 Security, theft & loss... 13 Environment...

More information

BHF Southern African Conference

BHF Southern African Conference BHF Southern African Conference Navigating the complexities of the new legislative framework Peter Hill, Director: IT Governance Network TOPICS TO BE COVERED The practical implementation of the PPI Act

More information

New EU Data Protection legislation comes into force today. What does this mean for your business?

New EU Data Protection legislation comes into force today. What does this mean for your business? 24 th May 2016 New EU Data Protection legislation comes into force today. What does this mean for your business? After years of discussion and proposals, the General Data Protection Regulation ( GDPR )

More information

Align Technology. Data Protection Binding Corporate Rules Processor Policy. 2014 Align Technology, Inc. All rights reserved.

Align Technology. Data Protection Binding Corporate Rules Processor Policy. 2014 Align Technology, Inc. All rights reserved. Align Technology Data Protection Binding Corporate Rules Processor Policy Confidential Contents INTRODUCTION TO THIS POLICY 3 PART I: BACKGROUND AND ACTIONS 4 PART II: PROCESSOR OBLIGATIONS 6 PART III:

More information

FOREIGN CORRUPT PRACTICES ACT POLICY for PROJECT PROFESSIONALS GROUP PTY. LTD.

FOREIGN CORRUPT PRACTICES ACT POLICY for PROJECT PROFESSIONALS GROUP PTY. LTD. FOREIGN CORRUPT PRACTICES ACT POLICY for PROJECT PROFESSIONALS GROUP PTY. LTD. 1.0 Purpose and Scope of this Manual The purpose of this Policy is to ensure compliance by Project Professionals Group Pty.

More information

Salesforce s Processor Binding Corporate Rules. for the. Processing of Personal Data

Salesforce s Processor Binding Corporate Rules. for the. Processing of Personal Data Salesforce s Processor Binding Corporate Rules for the Processing of Personal Data Table of Contents 1. Introduction 3 2. Definitions 3 3. Scope and Application 4 4. Responsibilities Towards Customers

More information

BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS

BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS Mat Wright www.britishcouncil.org CONTENTS Purpose of the code 1 Scope of the code 1 The British Council s data protection commitment and

More information

Whistleblowing and Privacy Protection in Europe. Annual CLE Conference November 7 10, 2007, Philadelphia

Whistleblowing and Privacy Protection in Europe. Annual CLE Conference November 7 10, 2007, Philadelphia Whistleblowing and Privacy Protection in Europe Annual CLE Conference November 7 10, 2007, Philadelphia CMS Hasche Sigle Theodor-Heuss-Ring 19-21 D-50668 Cologne Germany Tel.: +49 (0)221 7716-140 Fax:

More information

PRACTICAL LAW DATA PROTECTION MULTI-JURISDICTIONAL GUIDE 2012/13. The law and leading lawyers worldwide

PRACTICAL LAW DATA PROTECTION MULTI-JURISDICTIONAL GUIDE 2012/13. The law and leading lawyers worldwide PRACTICAL LAW MULTI-JURISDICTIONAL GUIDE 2012/13 The law and leading lawyers worldwide Essential legal questions answered in 30 key jurisdictions Analysis of critical legal issues AVAILABLE ONLINE AT WWW.PRACTICALLAW.COM/DATAPROTECTION-MJG

More information

Countries EU - DPR Germany France Spain Switzerland Belgium The Netherlands Hungary Sweden Luxembourg Italy UK

Countries EU - DPR Germany France Spain Switzerland Belgium The Netherlands Hungary Sweden Luxembourg Italy UK DPO in Europe Countries EU - DPR Germany France Spain Switzerland Belgium The Netherlands Hungary Sweden Luxembourg Italy UK Name of DPO Data Protection Officer Beauftragter für den Datenschutz (DSB) Legal

More information

Data protection in Switzerland: overview

Data protection in Switzerland: overview Page 1 of 8 Data protection in Switzerland: overview Resource type: Country Q&A Status: Law stated as at 01-Aug-2014 Jurisdiction: Switzerland A Q&A guide to data protection in Switzerland. This Q&A guide

More information

Corporate Policy. Data Protection for Data of Customers & Partners.

Corporate Policy. Data Protection for Data of Customers & Partners. Corporate Policy. Data Protection for Data of Customers & Partners. 02 Preamble Ladies and gentlemen, Dear employees, The electronic processing of virtually all sales procedures, globalization and growing

More information

The eighth data protection principle and international data transfers

The eighth data protection principle and international data transfers Data Protection Act 1998 The eighth data protection principle and international data transfers The Information Commissioner s recommended approach to assessing adequacy including consideration of the issue

More information

Align Technology. Data Protection Binding Corporate Rules Controller Policy. 2014 Align Technology, Inc. All rights reserved.

Align Technology. Data Protection Binding Corporate Rules Controller Policy. 2014 Align Technology, Inc. All rights reserved. Align Technology Data Protection Binding Corporate Rules Controller Policy Contents INTRODUCTION 3 PART I: BACKGROUND AND ACTIONS 4 PART II: CONTROLLER OBLIGATIONS 6 PART III: APPENDICES 13 2 P a g e INTRODUCTION

More information

Binding Corporate Rules ( BCR ) Summary of Third Party Rights

Binding Corporate Rules ( BCR ) Summary of Third Party Rights Binding Corporate Rules ( BCR ) Summary of Third Party Rights This document contains in its Sections 3 9 all provision of the Binding Corporate Rules (BCR) for Siemens Group Companies and Other Adopting

More information

BBC. Anti-Bribery Policy. June 2011

BBC. Anti-Bribery Policy. June 2011 BBC Anti-Bribery Policy June 2011 CONTENTS CLAUSE 1. Anti-Bribery Policy statement... 1 2. Who is covered by the policy?... 2 3. What is bribery?... 2 4. Gifts and hospitality... 3 5. Gifts and hospitality

More information

Data Management: Considerations for Integrating Compliance Requirements At Home and Abroad. Toronto, Ontario June 14, 2005

Data Management: Considerations for Integrating Compliance Requirements At Home and Abroad. Toronto, Ontario June 14, 2005 Data Management: Considerations for Integrating Compliance Requirements At Home and Abroad Toronto, Ontario June 14, 2005 Outsourcing Update: New Contractual Options and Risks Lisa K. Abe June 14, 2005

More information

APPLICATION FORM. 1. Please read the brochure and the whole of this application form, which has 10 pages.

APPLICATION FORM. 1. Please read the brochure and the whole of this application form, which has 10 pages. APPLICATION FORM managed inheritance SERVICE 1. Please read the brochure and the whole of this application form, which has 10 pages. 2. Next complete pages 2 to 5, signing on pages 2, 4 and 5. Make a copy

More information

Inhouse Masterclass: Data Developments - Cyber Security & the Right to be Forgotten. MHC.ie

Inhouse Masterclass: Data Developments - Cyber Security & the Right to be Forgotten. MHC.ie Inhouse Masterclass: Data Developments - Cyber Security & the Right to be Forgotten MHC.ie Rewriting the Past Oisin Tobin otobin@mhc.ie Agenda 1. Background 2. Findings and impact: a) Jurisdiction b) A

More information

CONSULTATION PAPER NO 2. 2004

CONSULTATION PAPER NO 2. 2004 CONSULTATION PAPER NO 2. 2004 REGULATION OF GENERAL INSURANCE MEDIATION BUSINESS This consultation paper explains the need for the Island to regulate general insurance mediation business and examines the

More information

OVERVIEW. stakeholder engagement mechanisms and WP29 consultation mechanisms respectively.

OVERVIEW. stakeholder engagement mechanisms and WP29 consultation mechanisms respectively. Joint work between experts from the Article 29 Working Party and from APEC Economies, on a referential for requirements for Binding Corporate Rules submitted to national Data Protection Authorities in

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY Reference number Approved by Information Management and Technology Board Date approved 14 th May 2012 Version 1.1 Last revised N/A Review date May 2015 Category Information Assurance Owner Data Protection

More information

Thompson Jenner LLP Last revised April 2013 Standard Terms of Business

Thompson Jenner LLP Last revised April 2013 Standard Terms of Business The following standard terms of business apply to all engagements accepted by Thompson Jenner LLP. All work carried out is subject to these terms except where changes are expressly agreed in writing. 1

More information

THE TRANSFER OF PERSONAL DATA ABROAD

THE TRANSFER OF PERSONAL DATA ABROAD THE TRANSFER OF PERSONAL DATA ABROAD MARCH 2014 THIS NOTE CONSIDERS THE SITUATION OF AN IRISH ORGANISATION OR BUSINESS SEEKING TO TRANSFER PERSONAL DATA ABROAD FOR STORAGE OR PROCESSING, IN LIGHT OF THE

More information

STATEMENT FROM THE CHAIRMAN

STATEMENT FROM THE CHAIRMAN STATEMENT FROM THE CHAIRMAN In an ever-changing global marketplace, it is important for all of us to have an understanding of the responsibilities each of have in carrying out day-to-day business decisions

More information

WHISTLE BLOWING POLICY & PROCEDURES

WHISTLE BLOWING POLICY & PROCEDURES Management Circular No: GCSL/01.2013 Revised: 01/2014 WHISTLE BLOWING POLICY & PROCEDURES All rights reserved. No part contained in this Policy may be reproduced or copied in any form without the written

More information

Trafford Council. Data Protection. Policy, Statement and Guidance for Employees

Trafford Council. Data Protection. Policy, Statement and Guidance for Employees Trafford Council Data Protection Policy, Statement and Guidance for Employees Author Nick Evans Date August 2009 Status Final Version 1.3 Review Date October 2015 Review By Kathryn Wright Next Review October

More information

Tilburg University. U.S. Subpoenas and European data protection legislation Moerel, Lokke; Jansen, Nani; Koëter, Jeroen

Tilburg University. U.S. Subpoenas and European data protection legislation Moerel, Lokke; Jansen, Nani; Koëter, Jeroen Tilburg University U.S. Subpoenas and European data protection legislation Moerel, Lokke; Jansen, Nani; Koëter, Jeroen Published in: International Data Privacy Law Document version: Preprint (usually an

More information

Summary of Data Protection Requirements When transferring Data Outside the UK End Users

Summary of Data Protection Requirements When transferring Data Outside the UK End Users Summary of Data Protection Requirements When transferring Data Outside the UK End Users 14 May 2010 Background to transfers of the Data outside the UK Data can be transferred in a couple of ways in relation

More information

Message from the Chief Executive

Message from the Chief Executive Anti-Bribery Policy Message from the Chief Executive At Marks & Spencer we are committed to doing the right thing, the right way. Our Code of Ethics and Behaviours outlines the standards and behaviours

More information

Code of Conduct 1. The Financial Services Authority

Code of Conduct 1. The Financial Services Authority The Financial Services Authority Code of Conduct 1 1 The FSA's Code of Conduct should be read in conjunction with the guidance, which is designed to help you understand and apply the provisions of the

More information

Client Update A New Ruling by the French Data Protection Authority: Is the Right to Be Forgotten Crossing the Atlantic to the U.S.?

Client Update A New Ruling by the French Data Protection Authority: Is the Right to Be Forgotten Crossing the Atlantic to the U.S.? 1 Client Update A New Ruling by the French Data Protection Authority: Is the Right to Be Forgotten Crossing the Atlantic to the U.S.? NEW YORK Jeremy Feigelson jfeigelson@debevoise.com PARIS Frederick

More information

Data Protection Avoiding Information Commissioner Fines. Caroline Egan 5 June 2014

Data Protection Avoiding Information Commissioner Fines. Caroline Egan 5 June 2014 Data Protection Avoiding Information Commissioner Fines Caroline Egan 5 June 2014 Why is data protection a hot topic in pensions? Pension schemes hold large amounts of personal data Individuals more aware

More information

OSRAM BCR Binding Corporate Rules ( BCR ) for OSRAM Group Companies and Adopting Companies for the protection of personal data

OSRAM BCR Binding Corporate Rules ( BCR ) for OSRAM Group Companies and Adopting Companies for the protection of personal data OSRAM BCR Binding Corporate Rules ( BCR ) for OSRAM Group Companies and Adopting Companies for the protection of personal data Terms Adopting company an OSRAM associated company in Germany or overseas

More information

CARDINAL RESOURCES LLC INTRODUCTION

CARDINAL RESOURCES LLC INTRODUCTION CARDINAL RESOURCES LLC ANTI- BRIBERY AND ANTI- CORRUPTION POLICY INTRODUCTION The purpose of this Anti- bribery and Anti- corruption Policy (the "Policy") is to ensure compliance by the Red Bird Group

More information

EU Regulatory Trends in Data Protection & Cybersecurity What should be on the industry s agenda?

EU Regulatory Trends in Data Protection & Cybersecurity What should be on the industry s agenda? EU Regulatory Trends in Data Protection & Cybersecurity What should be on the industry s agenda? Dr. Jörg Hladjk Counsel European Data Protection & Privacy Practice Hunton & Williams, Brussels Cyber Security

More information

Regulated Mortgages. March 2012

Regulated Mortgages. March 2012 Regulated Mortgages March 2012 1 Introduction Since 31 October 2004, Regulated Mortgage Contracts have been subject to statutory control, supervised by the Financial Services Authority ("FSA"). Under Section

More information

Evergreen Solar, Inc. Code of Business Conduct and Ethics

Evergreen Solar, Inc. Code of Business Conduct and Ethics Evergreen Solar, Inc. Code of Business Conduct and Ethics A MESSAGE FROM THE BOARD At Evergreen Solar, Inc. (the Company or Evergreen Solar ), we believe that conducting business ethically is critical

More information

CHARTER FOR THE THE REGULATORY, COMPLIANCE & GOVERNMENT AFFAIRS COMMITTEE CHARTER THE BOARD OF DIRECTORS

CHARTER FOR THE THE REGULATORY, COMPLIANCE & GOVERNMENT AFFAIRS COMMITTEE CHARTER THE BOARD OF DIRECTORS CHARTER FOR THE THE REGULATORY, COMPLIANCE & GOVERNMENT AFFAIRS COMMITTEE CHARTER OF THE BOARD OF DIRECTORS OF Copyright/permission to reproduce Materials in this document were produced or compiled by

More information

INTEGRITY IN ACTION - HEALTH CARE COMPLIANCE

INTEGRITY IN ACTION - HEALTH CARE COMPLIANCE A PASSION FOR INTEGRITY INTEGRITY IN ACTION - HEALTH CARE COMPLIANCE HEALTH CARE COMPLIANCE IS EVERYONE S RESPONSIBILITY DePuy Synthes is known the world over for innovative, life enhancing orthopedic

More information

LEEDS BECKETT UNIVERSITY. Information Security Policy. 1.0 Introduction

LEEDS BECKETT UNIVERSITY. Information Security Policy. 1.0 Introduction LEEDS BECKETT UNIVERSITY Information Security Policy 1.0 Introduction 1.1 Information in all of its forms is crucial to the effective functioning and good governance of our University. We are committed

More information

HILLENBRAND, INC. AND SUBSIDIARIES. Global Anti-Corruption Policy Statement and Compliance Guide

HILLENBRAND, INC. AND SUBSIDIARIES. Global Anti-Corruption Policy Statement and Compliance Guide HILLENBRAND, INC. AND SUBSIDIARIES Global Anti-Corruption Policy Statement and Compliance Guide Hillenbrand, Inc., including all of its subsidiaries (referred to collectively as the Company ), maintains

More information

Firm Registration Form

Firm Registration Form Firm Registration Form Firm Registration Form This registration form should be completed by firms who are authorised and regulated by the Financial Conduct Authority. All sections of this form are mandatory.

More information

Privacy & Data Security: The Future of the US-EU Safe Harbor

Privacy & Data Security: The Future of the US-EU Safe Harbor Privacy & Data Security: The Future of the US-EU Safe Harbor NAOMI MCBRIDE, LISA J. SOTTO AND BRIDGET TREACY, HUNTON & WILLIAMS LLP, WITH PRACTICAL LAW US INTELLECTUAL PROPERTY & TECHNOLOGY AND UK IP&IT

More information

DIFFERENT LAWS IN DIFFERENT COUNTRIES

DIFFERENT LAWS IN DIFFERENT COUNTRIES DIFFERENT LAWS IN DIFFERENT COUNTRIES 1. Belgium 2. Croatia 3. Cyprus 4. Czech Republic 5. Denmark 6. Finland 7. France 8. Germany 9. Greece 10. Hungary 11. Iceland 12. Ireland 13. Isle of Man 14. Italy

More information

Privacy and Cloud Computing for Australian Government Agencies

Privacy and Cloud Computing for Australian Government Agencies Privacy and Cloud Computing for Australian Government Agencies Better Practice Guide February 2013 Version 1.1 Introduction Despite common perceptions, cloud computing has the potential to enhance privacy

More information

Data Protection. Processing and Transfer of Personal Data in Kvaerner. Binding Corporate Rules Public Document

Data Protection. Processing and Transfer of Personal Data in Kvaerner. Binding Corporate Rules Public Document Data Protection Processing and Transfer of Personal Data in Kvaerner Binding Corporate Rules Public Document 1 of 19 1 / 19 Table of contents 1 Introduction... 4 1.1 Scope... 4 1.2 Definitions... 4 1.2.1

More information

CC255 C O R P O R A T E. Altus FCPA Policy. Last revised: 12 October 2010

CC255 C O R P O R A T E. Altus FCPA Policy. Last revised: 12 October 2010 CC255 Altus FCPA Policy Last revised: 12 October 2010 C O R P O R A T E Foreign Corrupt Practices Act Policy Purpose The purpose of this Policy is to ensure compliance by Altus and its directors, officers,

More information

COUNTY OF ORANGE DEPARTMENT OF HEALTH. Corporate Compliance Plan

COUNTY OF ORANGE DEPARTMENT OF HEALTH. Corporate Compliance Plan COUNTY OF ORANGE DEPARTMENT OF HEALTH Corporate Compliance Plan COUNTY OF ORANGE DEPARTMENT OF HEALTH CORPORATE COMPLIANCE PLAN I. Corporate Compliance Plan It is the policy of the Orange County Department

More information

HORIZON OIL LIMITED (ABN: 51 009 799 455)

HORIZON OIL LIMITED (ABN: 51 009 799 455) HORIZON OIL LIMITED (ABN: 51 009 799 455) CORPORATE CODE OF CONDUCT Corporate code of conduct Page 1 of 7 1 Introduction This is the corporate code of conduct ( Code ) for Horizon Oil Limited ( Horizon

More information

4. We understand this to mean that each provider state will need to ensure indemnity arrangements are in place to cover healthcare provided in that

4. We understand this to mean that each provider state will need to ensure indemnity arrangements are in place to cover healthcare provided in that Medical Defence Union response to consultation on European Commission s proposals for Directive on the application of patients rights in cross-border healthcare Introduction 1. The Medical Defence Union

More information

Clause 1. Definitions and Interpretation

Clause 1. Definitions and Interpretation [Standard data protection [agreement/clauses] for the transfer of Personal Data from the University of Edinburgh (as Data Controller) to a Data Processor within the European Economic Area ] In this Agreement:-

More information

E-COMMERCE GOES MOBILE: SEEKING COMPETITIVENESS THROUGH PRIVACY

E-COMMERCE GOES MOBILE: SEEKING COMPETITIVENESS THROUGH PRIVACY E-COMMERCE GOES MOBILE: SEEKING COMPETITIVENESS THROUGH PRIVACY Oana Dolea 7 th Annual Leg@l.IT Conference March 26th, 2013 Montreal, Canada INTRODUCTION Mobile e-commerce vs. E-commerce Mobile e-commerce:

More information

E-Zec Medical Transport Services Ltd

E-Zec Medical Transport Services Ltd E-Zec Medical Transport Services Ltd Terminal Building Redhill Aerodrome, Kingsmill Lane Redhill Surrey RH1 5YP Licence Number: 200120 Date of Issue Version Number 19/06/2015 1.0 Dr David Bennett, Chief

More information

Heslop & Platt Solicitors Limited

Heslop & Platt Solicitors Limited TERMS OF BUSINESS Heslop & Platt Solicitors Limited 1. Introduction and Definitions 1.1 In these terms of business, the following words and phrases have the following meanings: Initial Client Letter Client

More information

Our vision. A company where the best people want to work.

Our vision. A company where the best people want to work. Code of Conduct Our vision A company where the best people want to work. The world leader in chemical distribution, providing unparalleled connectivity between customers and suppliers. 2 Univar s guiding

More information