The Sapin II Law and the GDPR: Two Regulatory Frameworks That Are Difficult to Implement

July 16, 2020 Nicolas Brooke & Mathilde Gérot
Comment

Article published on July 15, 2020, in Option Droit et Affaires - here.

 

Internal investigations within French companies have grown in particular as a result of the Sapin II Act, but conducting them raises significant conflicts with the requirements of the GDPR. On the one hand, the confidentiality essential to any internal investigation clashes with the right to information and the right of access of the individuals concerned, even though attorney-client privilege serves as a useful safeguard. On the other hand, the principles of data minimization and proportionality regarding data retention periods are difficult to reconcile with the evolving and sometimes very lengthy nature of internal investigations, requiring companies to constantly reassess the relevance of the data collected.

Read comments (0)
Previous

LDH vs. Uber: Litigation and Regulatory Strategy Regarding Data Collection
Next

Data Protection in the Age of COVID-19

Be the first to comment

Will not be published

Sent!

Latest articles

January 17, 2025

CJEU ruling expands GDPR liability regarding unfair competition and AML/CFT

Article published on January 16, 2025, in Compliance Week - here.
European and French case law confirms that a breach of the GDPR—as well as of other...

Read the article
Mathilde Gérot, Attorney

Categories

Website design and SEO by Simplébo Simplébo

Log in