Where GDPR and Due Diligence Collide
Bribe, Swindle or Steal
Alexandra Addison-Wrage of TRACE International
4.9 • 582 Ratings
🗓️ 13 June 2018
⏱️ 23 minutes
🧾️ Download transcript
Summary
Illya Antonenko, privacy counsel with TRACE, discusses the direct conflict between the GDPR and robust anti-bribery due diligence and TRACE's efforts to press for revisions to laws for a carve-out for due diligence.
Transcript
Click on a timestamp to play from that location
| 0:00.0 | Welcome back to the podcast, bribe, swindle, or steel. |
| 0:09.7 | I'm Alexandra Rogge, and today we're talking about the European Union's general data |
| 0:14.0 | protection regulation, or GDPR as it relates to conducting meaningful, consistent due diligence |
| 0:20.2 | on third parties in the European Union. |
| 0:22.6 | A lot has been said about the GDPR more generally, so we're going to focus on this fairly narrow |
| 0:27.6 | but incredibly important aspect of the new regulation. |
| 0:30.6 | My guest today is a colleague at Trace. |
| 0:32.6 | Ilya Antonenko is Privacy Council at Trace, and prior to joining us here, he had substantial compliance |
| 0:38.8 | experience both in-house and with a law firm, but he's been focused pretty single-mindedly on |
| 0:44.2 | this issue since he joined Trace. I know you've barely had time to catch your breath from the |
| 0:49.4 | Luge ride that led up to May 25th, so thank you for joining me today. You're welcome. It's my pleasure. |
| 0:55.5 | Can you start by describing the nature of the conflict between GDPR and due diligence? |
| 1:01.1 | I think everybody has heard a great deal about GDPR more generally. |
| 1:05.6 | But what is the conflict that we're addressing here? |
| 1:08.6 | First, there's a general tension between these two worthy causes. |
| 1:13.7 | One is trying to bring transparency to expose nefarious conduct. The other is generally trying to |
| 1:21.1 | give control to individuals over their personal data, minimize the processing. So there's a general tension. When we looked at GDPR in detail, |
| 1:32.1 | we found that it's not just the tension, that there's actual conflict. And specifically in Article 10 |
| 1:38.3 | of the GDPR, it says that the controllers cannot process personal criminal convictions data or data related to |
| 1:47.6 | criminal offenses unless they are doing so under the control of official authority or when |
| 1:56.2 | the processing is authorized by union or member state law. And when we started this process, we looked around and we found that there's no such EU-wide law that would authorize, trace, or any other controller, to look into individuals' criminal background information for purposes of anti-bribery due diligence. |
| 2:19.2 | There's a lot to unpack there. Let's start with the big point that you opened with, which I think is |
... |
Please login to see the full transcript.
Disclaimer: The podcast and artwork embedded on this page are from Alexandra Addison-Wrage of TRACE International, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of Alexandra Addison-Wrage of TRACE International and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
Copyright © Tapesearch 2026.