
Life With GDPR: Karen Moore on The EU, Corporate Sustainability Due Diligence Directive

Tom Fox and Jonathan Armstrong, a renowned expert in cyber security, co-host the award-winning Life with GDPR. Jonathan is on a short hiatus, and in this episode we have a special guest, Karen Moore, who discusses the EU’s Corporate Sustainability Due Diligence Directive.

Karen Moore is a well-versed professional in the area of impact assessments and due diligence, with a particular focus on human rights and environmental issues to prevent and address potential harm. Her perspective, shaped by her extensive experience, is that impact assessments and due diligence are key indicators of a corporation’s commitment to preserving the environment and upholding human rights.

Moore emphasizes the importance of these processes not only within a company’s own activities, but also within those of its suppliers and indirect suppliers. She stresses the need for a robust due diligence process, including tracking progress, publishing annual statements, implementing complaints procedures, and involving all employees.

Additionally, she highlights the challenges of managing these processes, such as complex questionnaires for third-party suppliers and the need for streamlined assessments. She believes in a proactive approach to corporate responsibility, going beyond regulatory requirements to foster sustainable practices and ethical decision-making.

Key Takeaways:

  • Ethical and Sustainable Business Practices Compliance Guidelines
  • Ethical Evaluation for Data Privacy Compliance in the US
  • Ethical Data Handling for GDPR Compliance
  • Ethical Business Practices in Supply Chains

Resources:

Connect with Tom Fox

Connect with Jonathan Armstrong

Connect with Karen Moore


Insights on the EU Corporate Sustainability Due Diligence Directive from GDPR

Regarding corporate social responsibility and data protection, impact assessments and due diligence can seem like a labyrinth of legal jargon and regulatory requirements. However, understanding the importance of these processes is crucial for any corporation looking to not only comply with regulations but also build trust with customers and stakeholders. In this blog post, we will dive into the intricacies of impact assessments and due diligence, answering common questions and providing practical tips for corporations navigating the complexities of the Corporate Sustainability Due Diligence Directive (CSDDD).

We will consider the following questions:

  1. What role does GDPR compliance play in navigating the complexities of the CSDDD?
  2. Why are privacy impact assessments important for the CSDDD?
  3. How can corporations comply with the CSDDD?

In the ever-evolving landscape of corporate responsibility and ethical governance, staying ahead of regulatory directives is crucial for businesses looking to comply and positively impact society and the environment. One such directive that is making waves in the corporate world is the CSDDD. In the wake of its near full adoption by the European Council, the implications of this directive are profound, prompting organizations to rethink their approach to sustainability, human rights, and environmental impact.

The parallels between the CSDDD and the General Data Protection Regulation (GDPR) serve as a reminder of the importance of proactively addressing ethical considerations within corporate governance. Just as with the GDPR, which focuses on data privacy and protection, the CSDDD underscores the necessity of corporate diligence in ensuring environmental responsibility, human rights protection, and fair business practices.

GDPR compliance is a critical component of navigating the complexities of the CSDDD. GDPR sets strict guidelines for how companies handle the personal data of EU citizens. By ensuring compliance with GDPR regulations, corporations can demonstrate their commitment to data protection and privacy, which is essential for building trust with customers and stakeholders in today’s data-driven world. A key component of GDPR compliance is conducting regular audits of your data processing activities to confirm that they still meet GDPR requirements. Implement robust data protection measures, such as encryption and access controls, to safeguard personal data and mitigate the risk of data breaches.

The essence of both GDPR and CSDDD is to take a proactive approach to compliance. By instilling a culture of responsibility within the organization, companies can effectively navigate the complexities of regulatory frameworks like the CSDDD. From conducting impact assessments to tracking progress and publishing annual statements, the directive emphasizes transparency and accountability in corporate operations.

Compliance with the CSDDD requires a proactive approach to data protection and privacy. Corporations must establish robust data governance frameworks, implement privacy-by-design principles, and regularly audit their data processing activities. By prioritizing data protection and privacy, corporations can demonstrate their commitment to responsible data management and build trust with customers and stakeholders. You should work to develop a data protection policy that outlines your organization’s commitment to data protection and privacy. Train employees on data protection best practices and provide ongoing support to ensure compliance with the CSDDD.

The same is true of privacy impact assessments (PIAs), which are essential for identifying and mitigating privacy risks associated with data processing activities. By conducting a PIA, corporations can assess the potential impact of their data processing activities on individuals’ privacy rights and take steps to minimize any adverse effects. PIAs are especially important in the context of the CSDDD, where data protection and privacy are paramount concerns. You should work to integrate privacy impact assessments into your data processing workflows to identify and address privacy risks proactively. Engage with data protection authorities and stakeholders to ensure transparency and accountability in your privacy practices.

While the CSDDD is a European directive, its reach extends beyond the EU’s borders, impacting US companies with significant operations or income derived from the region. This broad scope necessitates a thorough evaluation of supply chains, supplier relationships, and potential risks associated with non-compliance. The CSDDD’s requirements for due diligence and supplier engagement underscore the interconnected nature of global business operations.

As organizations strive to align with the CSDDD, integrating existing laws and guidelines from related legislation, such as GDPR, becomes essential. From incorporating OECD guidelines to addressing human rights and environmental impact, companies must adopt a comprehensive approach to compliance. By leveraging technological solutions and strategic staffing, businesses can streamline their compliance efforts and enhance their impact on society and the environment.

The convergence of directives like the CSDDD and GDPR heralds a new era of ethical governance for businesses worldwide. By embracing the principles of sustainability, human rights protection, and environmental stewardship, organizations can meet regulatory requirements and contribute to a more responsible and equitable corporate landscape. As we navigate the complexities of corporate responsibility, let us heed the lessons from these directives and strive to do the right thing, both ethically and legally.

Navigating the complexities of impact assessments and due diligence in the context of the CSDDD may seem daunting. Still, with a proactive approach to data protection and privacy, corporations can demonstrate their commitment to responsible data management and build trust with customers and stakeholders. By prioritizing GDPR compliance, conducting privacy impact assessments, and implementing robust data protection measures, corporations can navigate the complexities of the CSDDD effectively.


Everything Compliance: Episode 132, The Tribute to Gene Marks Edition

Welcome to the only roundtable podcast in compliance as we celebrate our second century of shows.

In this episode, we have a quintet of commentators: Jonathan Marks, Matt Kelly, Jay Rosen, and Special Guest Karen Moore, all hosted and joined by Tom Fox.

1. Matt Kelly takes a deep dive into the recent speech by Michael Hsu on how fairness helps compliance. (Check out his blog on the topic here.) He shouts out to World Central Kitchen and their continued efforts to feed those in need.

2. Special guest Karen Moore takes a deep dive into the EU Corporate Sustainability Due Diligence Directive. She shouts out to the Austrian government for providing citizenship to descendants of Nazi persecution by means of a declaration without having to give up their current citizenship or nationality in return.

3. Jonathan Marks talks about his father’s influence on him, which helped Jonathan form his views on ethics and the Kobayashi Maru. He shouts out to his father, Gene Marks for a full life well lived.

4. Jay Rosen looks at the enforcement action involving Trafigura. He shouts out to Lou Gossett, Jr. for his Oscar-winning role in An Officer and a Gentleman.

5. Host Tom Fox takes a deep dive into the Trafigura FCPA enforcement action to try and determine how (and why) the company was not required to have a monitor. He shouts out to Houston Astros pitcher Ronel Blanco, who threw a no-hitter in his 8th professional appearance at the age of 30.

The members of Everything Compliance are:

Jay Rosen – Jay can be reached at Jay.r.rosen@gmail.com

Karen Woody – one of the top academic experts on the SEC. Woody can be reached at kwoody@wlu.edu

Matt Kelly – Founder and CEO of Radical Compliance. Kelly can be reached at mkelly@radicalcompliance.com

Jonathan Armstrong – our UK colleague and an experienced data privacy/data protection lawyer in London. He can be reached at windyridgehouse@gmail.com

Jonathan Marks can be reached at jtmarks@gmail.com

Guest Karen Moore can be reached at Kmoore51@fordham.edu

The host, producer, ranter (and sometime panelist) of Everything Compliance is Tom Fox the Voice of Compliance. He can be reached at tfox@tfoxlaw.com. Everything Compliance is a part of the Compliance Podcast Network.


Shout Outs and Rants – Episode 130, The End of SPACs Edition

Welcome to the only roundtable podcast in compliance as we celebrate our second century of shows.

In this episode, we have the quartet of Jonathan Armstrong, Matt Kelly, Karen Woody, Jay Rosen, and Special Guest Karen Moore, all hosted by Tom Fox, joining us on this episode of Shout Outs and Rants.

1. Matt Kelly shouts out to the Russian people who turned in droves for the funeral of murdered activist Alexei Navalny.

2. Karen Woody shouts out to Caitlin Clark, who set the all-time single season scoring record in college basketball.

3. Special Guest Karen Moore shouts out and rants about UW killing the EU Corporate Sustainability Due Diligence Directive.

4. Jonathan Marks shouts out garbage collectors who saw a house on fire, saved the family inside and warned neighbors all before the Fire Department arrived.

5. Jay Rosen shouts out to the rich getting richer: Shohei Ohtani signing with the LA Dodgers for $700MM and deferring 97% of his salary until 2034 and to Adam Turteltaub, an uber Dodgers fan who might see a Dodgers World Series this year.

6. Tom Fox rants about the Supreme Court intentionally delaying the federal trials of Donald Trump.

The members of Everything Compliance are:

Jay Rosen – Jay can be reached at Jay.r.rosen@gmail.com.

Karen Woody – one of the top academic experts on the SEC. Woody can be reached at kwoody@wlu.edu

Matt Kelly – Founder and CEO of Radical Compliance. Kelly can be reached at mkelly@radicalcompliance.com

Jonathan Armstrong – our UK colleague and an experienced data privacy/data protection lawyer in London.

Jonathan Marks can be reached at jtmarks@gmail.com.

Special Guest Karen Moore is an Adjunct Professor at the Fordham School of Law. She can be reached at kmoore51@fordham.edu.

The host, producer, ranter (and sometimes panelist) of Everything Compliance is Tom Fox, the Voice of Compliance. He can be reached at tfox@tfoxlaw.com. Everything Compliance is a part of the Compliance Podcast Network.