![Default Article Featured Image_laptop-newspaper-global-article-090623[95].jpg](https://images.contentstack.io/v3/assets/bltd4dd5b2d705252bc/blt61f52659e86e1227/64ff207a8606a815d1c86182/laptop-newspaper-global-article-090623[95].jpg?width=3840&quality=75&format=pjpg&auto=webp)
The new UK Bribery Act 2010 came into force on 1 July 2011, raising a number of data protection compliance considerations for organisations carrying out business in the UK.
Under the Bribery Act, businesses can be criminally liable for failing to prevent bribery by their “associated persons,” including employees, subsidiaries and business partners, unless they have in place “adequate procedures” to prevent bribery. Ministry of Justice guidance encourages the use of due diligence and whistleblowing schemes, amongst other measures, to mitigate bribery risk.
In putting in place these procedures, organisations will necessarily process significant quantities of personal data—including sensitive personal data—about clients, employees and contractors. As data controllers, they also have to ensure compliance with the data protection principles when processing this data, creating a strain between Bribery Act risk mitigation and data protection standards. The Bribery Act also has wide jurisdictional scope, potentially extending to overseas businesses and contractors, and so also creates potential conflicts with overseas data protection regimes.
