Categories
Blog

Insights on the EU Corporate Sustainability Due Diligence Directive from GDPR

Regarding corporate social responsibility and data protection, impact assessments and due diligence can seem like a labyrinth of legal jargon and regulatory requirements. However, understanding the importance of these processes is crucial for any corporation looking to not only comply with regulations but also build trust with customers and stakeholders. In this blog post, we will dive into the intricacies of impact assessments and due diligence, answering common questions and providing practical tips for corporations navigating the complexities of the Corporate Sustainability Due Diligence Directive (CSDDD).

We will consider the following questions:

  1. What role does GDPR compliance play in navigating the complexities of the CSDDD?
  2. Why are privacy impact assessments important for the CSDDD?
  3. How can corporations comply with the CSDDD?

In the ever-evolving landscape of corporate responsibility and ethical governance, staying ahead of regulatory directives is crucial for businesses looking to comply and positively impact society and the environment. One such directive that is making waves in the corporate world is the CSDDD. In the wake of its near full adoption by the European Council, the implications of this directive are profound, prompting organizations to rethink their approach to sustainability, human rights, and environmental impact.

The parallels between the CSDDD and the General Data Protection Regulation (GDPR) serve as a reminder of the importance of proactively addressing ethical considerations within corporate governance. Just as with the GDPR, which focuses on data privacy and protection, the CSDDD underscores the necessity of corporate diligence in ensuring environmental responsibility, human rights protection, and fair business practices.

GDPR compliance is a critical component of navigating the complexities of the CSDDD. GDPR sets strict guidelines for how companies handle the personal data of EU citizens. By ensuring compliance with GDPR regulations, corporations can demonstrate their commitment to data protection and privacy, essential for building trust with customers and stakeholders in today’s data-driven world. One of the key components of GDPR compliance is to conduct regular audits of your data processing activities to ensure compliance with GDPR requirements. Implement robust data protection measures, such as encryption and access controls, to safeguard personal data and mitigate the risk of data breaches.

The essence of both GDPR and CSDDD is to take a proactive approach to compliance. By instilling a culture of responsibility within the organization, companies can effectively navigate the complexities of regulatory frameworks like the CSDDD. From conducting impact assessments to tracking progress and publishing annual statements, the directive emphasizes transparency and accountability in corporate operations.

Compliance with the CSDDD requires a proactive approach to data protection and privacy. Corporations must establish robust data governance frameworks, implement privacy-by-design principles, and regularly audit their data processing activities. By prioritizing data protection and privacy, corporations can demonstrate their commitment to responsible data management and build trust with customers and stakeholders. You should work to develop a data protection policy that outlines your organization’s commitment to data protection and privacy. Train employees on data protection best practices and provide ongoing support to ensure compliance with the CSDDD.

This is also true of privacy impact assessments (PIAs), essential for identifying and mitigating privacy risks associated with data processing activities. By conducting a PIA, corporations can assess the potential impact of their data processing activities on individuals’ privacy rights and take steps to minimize any adverse effects. PIAs are especially important in the context of the CSDDD, where data protection and privacy are paramount concerns. You should work to integrate privacy impact assessments into your data processing workflows to identify and address privacy risks proactively. Engage with data protection authorities and stakeholders to ensure transparency and accountability in your privacy practices.

While the CSDDD is a European directive, its reach extends beyond the EU’s borders, impacting US companies with significant operations or income derived from the region. This broad scope necessitates a thorough evaluation of supply chains, supplier relationships, and potential risks associated with non-compliance. The CSDDD’s requirements for due diligence and supplier engagement underscore the interconnected nature of global business operations.

As organizations strive to align with the CSDDD, integrating existing laws and guidelines from related legislation, such as GDPR, becomes essential. From incorporating OECD guidelines to addressing human rights and environmental impact, companies must adopt a comprehensive approach to compliance. By leveraging technological solutions and strategic staffing, businesses can streamline their compliance efforts and enhance their impact on society and the environment.

The convergence of directives like the CSDDD and GDPR heralds a new era of ethical governance for businesses worldwide. By embracing the principles of sustainability, human rights protection, and environmental stewardship, organizations can meet regulatory requirements and contribute to a more responsible and equitable corporate landscape. As we navigate the complexities of corporate responsibility, let us heed the lessons from these directives and strive to do the right thing, both ethically and legally.

Navigating the complexities of impact assessments and due diligence in the context of the CSDDD may seem daunting. Still, with a proactive approach to data protection and privacy, corporations can demonstrate their commitment to responsible data management and build trust with customers and stakeholders. By prioritizing GDPR compliance, conducting privacy impact assessments, and implementing robust data protection measures, corporations can navigate the complexities of the CSDDD effectively.

Categories
Great Women in Compliance

Great Women in Compliance: Amy Mertz Brown on Financial and Regulatory Compliance

Welcome to the Great Women in Compliance Podcast!

In this episode, Lisa visits with Amy Mertz Brown, the SVP Chief Compliance and Privacy Officer at BECU.

Amy started her career in the US government, where she was one of the first leaders at the  Consumer Financial Protection Bureau and was formerly the Chief Compliance Officer at the US Securities and Exchange Commission.  She discusses the similarities and differences between her government and in-house regulatory experiences, and the importance of specific training and detailed work instructions in highly regulated industries.

Amy also shares how she has built her career, and what she views as important in deciding on taking on a new role. Amy and Lisa also talk about Reshma Saujani’s views about imposter syndrome, rather than looking at the reasons someone feels like an imposter and questioning the concept and how it impacts women.

Key Highlights:

  • Regulatory Compliance in the Government and in the Private Sector
  • Regulatory Compliance Through Monitoring and Training
  • Navigating Evolving Financial Regulations
  • Questioning the Imposter Syndrome

Join the Great Women in Compliance community on LinkedIn here.

Categories
Compliance Tip of the Day

Compliance Tip of the Day: Employee Rights in an Interview

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements.

Whether you’re a seasoned compliance professional or just starting your journey, our aim is to provide you with bite-sized, actionable tips to help you stay on top of your compliance game.

Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law.

Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

In this episode, we consider what employee rights you need to consider during an internal investigation.

For more information on the Ethico ROI Calculator and a free White Paper on the ROI of Compliance, click here.

Categories
Daily Compliance News

Daily Compliance News: April 17, 2024 – The Oreos in Trouble Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee and listen to the Daily Compliance News. All from the Compliance Podcast Network.

Each day, we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest for the compliance professional.

In today’s edition of Daily Compliance News:

  • EU to fine the Oreo maker. (FT)
  • The Chief AI Officer.  (FT)
  • US avers it won’t seek the death penalty in Assange extradition. (Reuters)
  • Will SCT make all bribes legal? (NYT)

For more information on the Ethico ROI Calculator and a free White Paper on the ROI of Compliance, click here.

Categories
Compliance Into the Weeds

Compliance into the Weeds: Do We Need More Centralized Compliance?

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject.

Looking for some hard-hitting insights on compliance? Look no further than Compliance into the Weeds!

In this episode, Tom and Matt take a deep dive into recent study on bias in workplace hiring and use the study to consider if compliance needs to be more centralized.

The topic of discriminatory patterns in hiring is an interesting yet contentious issue. It encompasses biases in recruitment based on factors such as names, gender, and race, which, unfortunately, are still prevalent in various companies.

Tom believes that these discriminatory practices hamper equal opportunities and, hence, need to be addressed earnestly. Drawing from his likely experience in promoting fair employment practices, he emphasizes the need for diversity and inclusion initiatives.

On the other hand, Matt attributes such discriminatory hiring patterns to inherent biases and prejudices of employers. He argues that discriminatory practices result in a lack of diversity in the workplace as qualified individuals are overlooked based on their race, gender, or age.

Following from his perspective on the matter, Kelly champions the execution of policies that foster equality and fairness in the hiring process. 

Key Highlights:

  • Bias in Hiring Practices Based on Names
  • Bias Reduction Through Centralized Recruitment Operations
  • Enhancing the control environment through Internal Audits
  • Ethical Alignment for Compliance Management Success

Resources:

Matt on Radical Compliance

Tom 

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Uncovering Hidden Risks

Ep 13 – Unveil Data Security Paradoxes

Herain Oberoi, General Manager of Data Security, Privacy, and Compliance for Microsoft, joins Erica Toelle and guest host Tina Ying, Senior Product Marketing Manager at Microsoft, on this week’s episode of Uncovering Hidden Risks. Microsoft has recently released a new report called the Data Security Index. Erica, Tina, and Herain explain what drove the team to complete this research, release the report, and share valuable insights that can empower organizations to optimize their data security programs.

In This Episode You Will Learn:

  • Why do more tools bring less security, but organizations still adopt them?
  • When organizations should allocate resources to optimize data security
  • How security leaders can lead their teams with the goal of enhancing all-up security posture

Some Questions We Ask:

  • How can organizations enhance their data security posture?
  • Should organizations purchase best-of-suite or best-of-breed solutions?
  • What advice do you give organizations facing the challenge of using isolated solutions?

Resources:

View Herain Oberoi on LinkedIn

View Tina Ying on LinkedIn

View Erica Toelle on LinkedIn

Related Microsoft Podcasts:

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Connect with the Compliance Podcast Network at:

LinkedIn: https://www.linkedin.com/company/compliance-podcast-network/
Facebook: https://www.facebook.com/compliancepodcastnetwork/
YouTube: https://www.youtube.com/@CompliancePodcastNetwork
Twitter: https://twitter.com/tfoxlaw
Instagram: https://www.instagram.com/voiceofcompliance/
Website: https://compliancepodcastnetwork.net/