Global Investigations podcast: Episode 7

In the seventh episode of our Inside Investigations podcast series we delve into key data privacy and security considerations in internal and regulatory investigations.

Building upon our previous episode about common data sources and challenges in data collection, this episode explores the impact that data protection regulations - such as the EU / UK’s GDPR - have on the necessary collection and processing of large volumes of personal data over the course of an investigation.

Takeaways from this episode include:

• While conducting internal investigations, it is important for organisations to ensure that they have identified, and are able to rely on, a legitimate basis for processing personal data and to adhere to data principles such as transparency and data minimization in order to comply with data protection laws – failure to adhere to these principles can result in severe regulatory penalties.

• Practical strategies for balancing rigorous data privacy requirements with the necessity of conducting robust, defensible investigations, including careful formulation of search terms and the implementation of a staged filtering process to limit unnecessary processing of personal data.
• Insights into navigating complex cross-border data transfers in the context of investigations, particularly under the EU / UK GDPR, China's strict data export rules, and France’s Blocking Statute, highlighting jurisdiction-specific risk mitigation strategies.
• Guidance on responding to requests from foreign regulators, particularly U.S. authorities, emphasising the importance of demonstrating good-faith efforts, engaging local counsel, and managing regulatory expectations through transparent dialogue.

Listen to the episode here.