Categories
Innovation in Compliance

Innovation in Compliance – Global Outsourcing and GDPR Compliance – Navigating Challenges and Opportunities with Inge Zwick

Innovation comes in many areas, and compliance professionals need to be ready for it and embrace it. Join Tom Fox, the Voice of Compliance, as he visits with top innovative minds, thinkers, and creators in the award-winning Innovation in Compliance podcast. In this episode, Tom Fox interviews Inge Zwick, a senior leader from Emapta Global, a global outsourcing company, who elaborates on his experience working in different international locations, including the Philippines and now Italy.

Zwick discusses the complexities and common concerns around outsourcing under GDPR, emphasizing the importance of compliance and data protection. They explain how Emapta supports clients in achieving GDPR compliance while outsourcing, including risk assessments, data flow mapping, and maintaining secure work environments. The conversation delves into the practical aspects of handling Subject Access Requests (SARs), the integration of compliance into operational workflows, and the importance of maintaining ongoing monitoring and updates. Zwick also touches upon how ESG initiatives and compliance are seamlessly woven into Emapta’s operations, providing a sustainable approach to global outsourcing. Lastly, advice is given to business leaders on how to future-proof their outsourcing strategies in light of GDPR, encouraging them not to shy away from global talent opportunities due to compliance fears.

Key highlights:

  • Company Overview and Global Operations
  • Outsourcing and GDPR Compliance
  • Risk Assessment and Data Security
  • Subject Access Requests (SAR)
  • Outsourcing Contracts and GDPR Obligations
  • Integrating Compliance into Operations
  • Future-Proofing Your Outsourcing Strategy  

Resources:

Connect with Inge Zwick

Connect with Emapta Global

Tom Fox


Categories
AI Today in 5

AI Today in 5: August 4, 2025, The Inaugural Episode

Welcome to AI Today in 5, the newest addition to the Compliance Podcast Network. Each day, Tom Fox will bring you 5 stories about AI to start your day. Sit back, enjoy a cup of morning coffee, and listen in to AI Today in 5, all from the Compliance Podcast Network. Each day, Tom considers five stories from the business world, compliance, ethics, risk management, leadership, or general interest about AI.

For more information on the use of AI in compliance programs, Tom Fox’s new book is Upping Your Game. You can purchase a copy of the book on Amazon.com.

Categories
Life with GDPR

Life With GDPR: Episode 114 – Navigating GDPR in Global Outsourcing with Inge Zwick

Tom Fox takes a solo turn as Jonathan Armstrong is on assignment. Today, Tom visits with Inge Zwick, Executive Director, Head of Europe, and ESG Lead at Emapta Global, a global outsourcing company.

They discuss the company’s operations, with a particular focus on managing GDPR compliance within the outsourcing framework. They also discuss common misconceptions about outsourcing under the GDPR, risk assessment processes, handling data subject access requests, and integrating compliance into business operations. Zwick also shares insights into how EMAPTA collaborates with clients to ensure compliance and offers advice to business leaders on future-proofing their outsourcing strategies in light of GDPR requirements. Additionally, the discussion explores the integration of ESG initiatives within the company’s operations.

Key takeaways:

  • Outsourcing and GDPR Compliance
  • Risk Assessment and Data Security
  • Subject Access Requests (SAR)
  • Outsourcing Contracts and GDPR Obligations
  • Integrating Compliance into Operations

Resources:

Connect with Tom Fox

Connect with Inge Zwick

Connect with Emapta Global

Life with GDPR was recently honored as a Top Data Security Podcast.  

Categories
Blog

AI in Recruitment: Compliance Challenges and Opportunities

Compliance officers increasingly deal with emerging technologies in today’s business environment, and artificial intelligence (AI) is undeniably at the forefront. Among the numerous applications of AI, its deployment in recruitment is rapidly becoming one of the most significant and controversial topics compliance professionals need to navigate. The reason for the spotlight is clear. AI-driven recruitment tools promise substantial efficiency gains, automating tedious processes such as CV screening, initial interviews, and candidate ranking. However, this automation does not come without significant compliance and ethical pitfalls. The implications are vast, involving transparency, fairness, accuracy, and potential biases, each presenting substantial regulatory and reputational risks.

Jonathan Armstrong and I explored the issues surrounding the use of AI in corporate recruiting in a recent episode of Life with GDPR. This blog post is based on our discussion. For more information, I invite you to check out the full episode.

The Compliance Landscape: EU, UK, and US Perspectives

The regulatory perspective surrounding AI in recruitment varies significantly, but a general compliance framework exists through the General Data Protection Regulation (GDPR) in Europe. GDPR lays foundational principles such as transparency, fairness, accuracy, and accountability, directly impacting how AI systems must operate in talent acquisition. In the United States, state-level regulations addressing automated recruitment systems are also beginning to emerge, reflecting a broader global trend toward stronger regulatory scrutiny of these technologies.

Armstrong highlighted that enforcement is becoming more pronounced. Spain, for example, has seen regulatory actions requiring companies benefiting from AI-driven processes to articulate the basis for automated decisions clearly. The UK’s regulator explicitly notes recruitment as an area under active scrutiny, emphasizing the significance compliance professionals must attach to these practices.

Transparency and Fairness: Essential Compliance Considerations

Transparency in AI systems, particularly in recruitment, is more than a regulatory requirement; it is an ethical imperative. Under GDPR, a candidate who is rejected by an automated system is entitled to understand the basis for that decision. Simply stating “the algorithm decided” will not suffice. Organizations must be prepared to provide candidates with clear, intelligible explanations about how decisions were reached, which inherently involves unpacking the often opaque nature of AI processes.

The challenge is compounded by machine learning technologies, where decision pathways evolve dynamically. Unlike rule-based systems, the internal workings of machine learning-driven AI can be complex, making it difficult, even impossible in some instances, for companies to understand or explain their decision-making criteria fully. This opacity can lead to bias, discrimination, and unfair treatment accusations.

Bias and Discrimination: A Risk Too Real

The specter of bias and discrimination looms large with AI recruitment tools. Systems have been reported to inadvertently penalize candidates for factors unrelated to their competencies or skills, such as internet connection quality during virtual interviews. For instance, a candidate could be unfairly penalized if their internet connectivity is unreliable, leading AI systems to wrongly interpret technical delays as hesitancy or lack of confidence. This subtle discrimination disproportionately affects individuals from lower socioeconomic backgrounds, exacerbating existing inequalities.

Moreover, disturbing parallels can be drawn from AI decision-making in areas such as bail applications in the US, where biases based on ethnicity or racial profiling have resulted in unjust outcomes. The risk of similar biases entering recruitment processes should not be underestimated, underscoring the need for vigilant compliance oversight.

Proactive Compliance: Essential Steps for Mitigation

Given these concerns, compliance officers cannot afford to adopt a passive stance. The issue of AI in recruitment is far too consequential to be left solely in the hands of HR departments or recruitment agencies. Compliance teams must proactively engage to ensure that all AI applications used in their organizations or by their third-party vendors are compliant, transparent, and fair.

Armstrong proposed the following framework compliance professionals can adopt to manage the risks of using AI in their recruiting process:

  1. Vet AI Providers Rigorously: Not all AI vendors operate equally. Compliance professionals should avoid opaque, “black-box” solutions and favor providers willing and able to demonstrate transparent practices.
  2. Comprehensive Due Diligence: Conduct meticulous due diligence on AI recruitment vendors. This includes verifying their ability to comply with GDPR transparency and fairness principles and their willingness to cooperate fully with subject access requests.
  3. Contractual Protections: Ensure comprehensive contracts with AI recruitment providers that allocate responsibilities clearly and provide sufficient recourse in case of litigation or regulatory action. The provider must be incentivized to maintain stringent compliance standards.
  4. Transparency Obligations: Communicate to candidates how AI systems will process their data. The GDPR demands openness; hence, organizations must disclose the use of AI tools, how decisions are made, and the implications for candidates.
  5. Robust Data Subject Request Procedures: Compliance teams must have effective, responsive mechanisms for handling data subject requests swiftly. Candidates dissatisfied with recruitment decisions frequently resort to GDPR subject access requests, creating significant administrative and compliance burdens.
  6. Regular Auditing and Checks: Establish ongoing monitoring and periodic audits to continually assess AI recruitment tools. This process helps ensure that the systems adhere to compliance principles and remain free from bias or unethical decision-making patterns.
  7. Educate and Engage Internally: Compliance professionals should engage closely with internal stakeholders, educating HR teams and recruiters on the implications of AI and compliance expectations. Internal awareness significantly mitigates the risk of non-compliance and encourages proactive risk management.

Looking Ahead: Staying Vigilant and Informed

The compliance landscape for AI in recruitment is undoubtedly complex, and the stakes are high. As Armstrong emphasizes, regulatory scrutiny is set to intensify, making it imperative for compliance teams to stay ahead of developments. Vigilance, proactive engagement, and informed awareness are key to successfully navigating these challenges.

This field remains ripe for academic and regulatory inquiry. More comprehensive research and analysis into AI’s implications on recruitment fairness, bias, and effectiveness would benefit organizations and compliance practitioners. Compliance professionals should watch developments closely and contribute actively to discussions, research, and policy development in this dynamic area.

AI in recruitment offers immense promise and substantial compliance challenges. Proactively addressing these issues ensures regulatory adherence and upholds corporate ethical standards, which are crucial in maintaining brand integrity and public trust. Compliance officers, thus, play a pivotal role in guiding their organizations through this rapidly evolving technological frontier.

Categories
Life with GDPR

Life With GDPR: Episode 113 – AI in Recruitment: Navigating GDPR Compliance and Challenges

Tom Fox and Jonathan Armstrong, renowned cybersecurity experts, co-host the award-winning Life with GDPR. This episode explores the complex intersection of AI and recruitment, focusing on compliance challenges under GDPR and potential risks.

Jonathan highlights that AI is often more prevalent in recruitment processes than many compliance officers realize, often through third-party vendors. He discusses the regulatory landscape in the UK and EU, sharing insights on recent cases related to automated decision-making and the transparency required for such systems. Jonathan offers a seven-point plan for organizations that use or are considering using AI in recruitment, covering provider selection, due diligence, transparency obligations, and mechanisms for handling data subject requests. The conversation underscores the need for proactive engagement between data protection officers, compliance teams, and recruiters to ensure that AI tools are used responsibly and transparently.

Key takeaways:

  • AI in Recruitment: An Overview
  • Legal and Ethical Concerns
  • Transparency and Fairness in AI Decisions
  • Practical Steps for Companies
  • Future of AI in Recruitment

Resources:

Connect with Tom Fox

Connect with Jonathan Armstrong

Life with GDPR was recently honored as a Top Data Security Podcast.

Categories
Blog

The UK Election and Its Implications for Compliance Professionals

Last week saw the greatest wipeout in the recorded history of UK governments, with the Tories swept from power and losing over 400 seats in Parliament. The Labour Party took over with a commanding presence, securing around 450 seats, while the Tories retained only about 120 seats. I recently visited with Jonathan Armstrong, who shared his thoughts on the gravity and history of this election and what it might mean for our compliance contemporaries in the UK, the US, and worldwide, in the most recent episode of the award-winning podcast Life with GDPR.

This election is a refreshing change, irrespective of political leanings. The previous government was seen as limping along like a ship with a hole in its side, and the mood has noticeably improved since the new government took office. The Labour government, led by Sir Keir Starmer, has hit the ground running. Within hours of his appointment by the King, the new cabinet members were assigned their missions and started work immediately. This proactive approach is a sign of the times ahead.

From an enforcement point of view, this government has a firm grasp of compliance and enforcement. With his background as a defense barrister and tenure as the Director of Public Prosecutions, Sir Keir Starmer brings a wealth of experience. His leadership at the Crown Prosecution Service saw the first prosecutions under the Bribery Act, and his understanding of the criminal justice system bodes well for robust enforcement.

The now-entrenched SFO director, whom we previously called the “new” director, has taken significant steps in bribery enforcement, including the first dawn raids in years. I asked Jonathan if he saw a healthy interaction between the current SFO director and the new government. He responded that he does.

Sir Keir Starmer and the current SFO director are on the same page regarding enforcement. The new administration has already announced a focus on investigating the PPE scandal, which involves around £7.2 billion worth of potentially corrupt contracts from Boris Johnson’s era. This will likely be a priority, and the new Covid Corruption Commissioner will work closely with the SFO, leveraging its powers to conduct dawn raids and demand documents. This indicates a continued and possibly intensified focus on bribery enforcement.

In addition to bribery and corruption, trade controls, customs, and economic sanctions are critical areas of concern. This includes sanctions involving Russian individuals and measures like the Uyghur Forced Labor Prevention Act in the United States. Here, Jonathan sees a stricter approach by Labour than the prior administration.

He believes that there was a perception that some Russian-connected individuals were overlooked in the sanctions list due to their connections with the Conservative Party. The new administration, less entangled with such interests, is likely to expand the sanctions list to align more closely with the US. Regarding Uyghur measures, the new second-in-command at the Treasury, Darren Jones MP, has a background in investigating supply chain issues and forced labor. Armstrong believes we can expect legislation similar to the US approach, emphasizing greater scrutiny and enforcement against forced labor in supply chains.

How about AI governance and enforcement, particularly with the significant tech companies dominating this space? Once again, Armstrong believes the previous administration was perceived as lenient on AI regulation, possibly due to future career aspirations. The new Labour government, however, is likely to take a stricter stance. This will involve a new centralized office to oversee AI usage, educating existing regulators on utilizing their powers, and possibly introducing new AI laws. These measures will likely mirror the EU AI Act, demonstrating the UK’s commitment to aligning with EU standards and fostering a closer relationship with the EU.

The new government views antitrust and competition law similarly to the EU. The CMA has already shown signs of cooperating with EU counterparts, conducting simultaneous dawn raids and sharing concerns about AI monopolies. The new administration is expected to continue this trend, addressing the concentration of GenAI in the hands of a few large US-based tech corporations. This collaboration with the EU will likely result in a more unified enforcement agenda across the channel.

What changes can we expect in traditional topics like GDPR and data privacy under the new UK government? The previous administration attempted to roll back some GDPR provisions, but the new government will likely take a more balanced approach. Changes will focus on areas like research while maintaining compliance with EU adequacy decisions to ensure seamless data transfers. The Labour government will prioritize maintaining a solid relationship with the EU, guaranteeing that any legislative changes do not jeopardize this adequacy decision.

Do you see the new government moving towards greater protections for workers in the era of remote and hybrid work models? Labour’s traditional ties to trade unions suggest a shift towards more pro-worker legislation. This could include regulations on maximum working hours and the right to disconnect, addressing the perceived always-on culture, particularly in US corporations. While hard and fast laws may not be imminent, there will be an emphasis on consulting employees about work-life balance and ensuring fair treatment.

This historic election marks a significant shift in the UK’s political landscape, with profound implications for compliance professionals. The new Labour government, focusing on enforcement, trade controls, AI governance, data privacy, and worker protections, promises a more robust and aligned approach with EU standards. Compliance officers must stay vigilant and adapt to these changes, ensuring their programs remain effective and compliant with evolving regulations. This new UK administration brings a fresh perspective and a more proactive approach to governance. Compliance professionals should be prepared for increased enforcement and regulatory scrutiny. By staying informed and adaptable, they can navigate these changes effectively and continue to uphold the highest compliance standards.

Categories
Life with GDPR

Life With GDPR: What Does The UK Election Mean for Compliance?

Tom Fox and Jonathan Armstrong, a renowned expert in cybersecurity, co-host the award-winning “Life with GDPR.” Jonathan has returned from his hiatus, and in this episode, we examine the UK election results and their potential impact on compliance.

The recent UK election has significant implications for compliance, particularly concerning the dynamics between the UK’s Serious Fraud Office (SFO) and the new government. Jonathan Armstrong, an expert on bribery enforcement, anticipates that the new administration under Keir Starmer will focus on high-profile issues like the PPE scandal while maintaining robust enforcement actions, including dawn raids.

Armstrong and Fox bring deep insights into the potential compliance landscape, shaped by their extensive backgrounds: Armstrong’s expertise in corruption investigations and Fox’s experience with the criminal justice system.

Fox highlights the impact of the new Prime Minister’s legal background in bolstering enforcement efforts and contemplates the future governance of AI under this administration. Both experts foresee a political shift, with Armstrong expecting the Conservative Party to lean rightward yet occupy the political center, and Fox emphasizing the continuity and experience the new government brings to compliance and enforcement issues.

 

Key Takeaways:

  • Heightened Bribery Enforcement Under New Government
  • Russian Sanctions and Uighur Import Regulations
  • Data Protection Bill Changes Post-UK Election
  • UK’s New Administration Faces Challenges and Changes
  • Center-Ground Positioning in UK Politics

Resources:

Connect with Tom Fox

Connect with Jonathan Armstrong

Categories
FCPA Compliance Report

FCPA Compliance Report: Jonathan Armstrong on Sweeping Changes in The UK Government: Insights on Compliance

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this edition of the FCPA Compliance Report, Tom Fox welcomes Jonathan Armstrong to discuss the seismic shift in the UK’s political landscape following the election last week.

The election was literally one for the ages. It led to a significant Labour victory over the Conservatives. They delve into the implications for compliance and governance in both the UK and globally. Topics include the new government’s proactive approach, anticipated shifts in bribery enforcement, and fiscal policies.

They also explore potential changes in AI regulation, employment law, data protection, and international relations, especially concerning Russia and China. The conversation highlights Labour’s balanced strategy, aiming for sensible, centrist policies while addressing key issues like corruption, AI, and data privacy.

Highlights in this Episode:

  • An election result for the ages
  • Impact on Bribery and Corruption Enforcement
  • Trade Sanctions, Russian Oligarchs and Forced Labor
  • AI and Beyond
  • Data Privacy and Data Protection
  • Labor and Employment Rights

Resources:

Jonathan Armstrong on LinkedIn

UK General Election 2024 – What Might This Mean for Compliance?

Tom Fox


Categories
Compliance and AI

Compliance and AI: Jonathan Armstrong – Understanding The EU AI Act and Its Implications

What is the role of Artificial Intelligence in compliance? What about Machine Learning? Are you using ChatGPT?

These are but three of the many questions we will explore in this exciting new podcast series, Compliance and AI.

The series is hosted by Tom Fox, the award-winning Voice of Compliance. In this episode, Jonathan Armstrong joins me to discuss the European Union Artificial Intelligence Act.

This podcast takes a deep dive into the EU AI Act, its current state, and its implications for AI regulation and compliance within Europe and beyond. Armstrong begins by clarifying the misconception that AI is unregulated in Europe by detailing existing cases where regulators have leveraged GDPR to address AI-related issues, including suspensions and fines against AI companies. The EU AI Act, which reached political agreement in December 2023, has a risk-based approach, a two-year period until full implementation, and a potential impact on corporations, particularly in terms of compliance and competitive advantage.

Armstrong also considered the Act’s extraterritorial reach, enforcement challenges, and the potential for high fines, drawing parallels to GDPR enforcement patterns. We covered the complexities of AI application compliance, the importance of proactive preparation by corporations, and the need for increased board-level awareness and diversity to effectively manage AI-related risks and opportunities. The podcast concludes with a Q&A session that further explores the proactive versus reactive stances of EU clients towards the AI regulatory environment, the importance of board governance in AI oversight, and the challenges posed by ‘shadow AI’ within organizations.

Key Highlights:

  • Introduction to the EU AI Act
  • Exploring Regulatory Actions and GDPR in AI
  • The EU AI Act: Overview and Implications
  • AI Compliance Challenges and Corporate Preparation
  • Board Governance and AI Oversight
  • The Future of Board Diversity and AI Expertise

Resources:

Jonathan Armstrong on LinkedIn

Punter Southall

Tom Fox


Categories
Compliance and AI

Compliance and AI: Karen Moore on The American Privacy Rights Act and AI

What is the role of Artificial Intelligence in compliance? What about Machine Learning? Are you using ChatGPT? These are but three of the many questions we will explore in this exciting new podcast series, Compliance and AI. The series is hosted by Tom Fox, the award-winning Voice of Compliance. In this episode, Karen Moore joins me to discuss the proposed American Privacy Rights Act (APRA) and its intersection with artificial intelligence.

Moore has expressed cautious optimism towards the act, paying particular attention to how the Act impacts artificial intelligence and automated decision-making processes. Drawing on the act’s provisions, Moore emphasizes the importance of the preemption clause, which indicates a shift towards federal regulations superseding state laws. She also underscores the potential challenges and complexities that lie ahead for companies, especially large data holders or high-impact social media companies, in adhering to the APRA’s requirements, such as conducting design evaluations, transparency obligations, and data minimization. This perspective is shaped by her extensive background in the field and her intricate understanding of the Act’s impact on data processing and AI algorithms.

Key Highlights:

  • Introduction to the American Privacy Rights Act Discussion
  • Exploring the Preemption Clause and AI Implications
  • Automated Decision-Making and Its Complexities
  • The Impact on High-Impact Social Media and Large Data Holders
  • Data Minimization Requirements and AI Challenges

Resources:

Karen Moore on LinkedIn

Tom Fox
