While the main objective of data protection authorities is to provide incentives for disclosure, cooperation and self-reporting of corporate misconduct, a U.S.-inspired business approach could be important for the use of data protection authorities in the fight against corruption at their roots, rather than costly prosecutions. , long and criminal in the event of a late payment. Instead, setting a more cooperative tone and creating an environment conducive to the immediate disclosure of corporate crime after discovery is a way to improve corporate attitudes in the fight against corruption and corruption and to ensure that valuable resources are used to investigate and prosecute the most serious cases. This view is further reinforced in XYZ: since 2014, a Deferred Enforcement Agreement (DPA) has been an option for the Uk`s Office of Serious Fraud (SFO) in the handling of criminal wrongdoing by a company. While entry into a DATA authority does not require a company to admit its guilt, the company must acknowledge wrongdoing and perform other obligations imposed on it in accordance with the provisions of the Data Protection Authority. In return, the SFO will postpone the continuation of the business for an agreed period. The agreement allows for the suspension of proceedings for a specified period of time, provided that the organization meets certain conditions. The current Director has clearly drawn attention to the UK`s rapprochement with the US system and closer cooperation between the SFO and the DOJ. Such changes can lead to greater success for the SFO in monitoring data protection authorities and individual prosecutions.
The SFO can fully strengthen its business by obtaining the witnesses it currently lacks through a more strategic approach to the offer of immunity. We can also see that fewer cases are reaching the trial stage because the power to offer immunity from prosecution is more used. If and when the criminality is introduced, the crime of economic crime will probably protect the PA from further criticism of inconsistencies between the torment of the company and the acquittal of an individual. With SFO v XYZ, the range of offences for which the DpAs are realistic has expanded since December 2015, when the SFO received its first DPA against Standard Bank. In the Standard Bank, it was found that the bank did not prevent corruption, unlike Section 7 of the Bribery Act 2010 – an important factor in the interest of justice is that the British company itself did not participate in the corruption itself. The XYZ case shows that, contrary to the expectations of many, data protection authorities will not be limited to cases where they are violations in paragraph 7. They may be available in cases where the recipient company has been actively involved in serious material corruption. If negotiations continue, the company agrees to a number of conditions, such as paying .B a fine, paying compensation and cooperating with the prosecution of individuals. If the company does not meet the conditions, the charge may be reinstated. The modalities for monitoring compliance are set out in the provisions of the data protection authority. The fact that the SFO did not demonstrate the involvement of individuals in the behaviour explicitly considered a crime within the data protection authorities gave rise to a review and raised questions about the nature of the large fines imposed by data protection authorities.
In the absence of a rigorous review of the available evidence, questions were raised as to whether data protection authorities were really a “soft option” for companies to free themselves from their responsibilities and avoid the risk of possible prosecution.