Corporate Compliance

Regulatory and Compliance. Data Protection

Geijo & Associates is prepared to effectively advise clients on regulatory and compliance issues. Our lawyers are qualified in both civil and common law jurisdictions, and their cumulative expertise includes compliance and internal investigation matters, as well as previous experience in a London-based financial consultancy. This allows the firm to adopt a multijurisdictional approach and advise corporate clients who have a presence in different jurisdictions. Furthermore, our lawyers are fluent in several languages, including Spanish, English, French, Catalan and Italian. This further reinforces the firm’s multijurisdictional capabilities.

1. Regulatory & Compliance

Legal entities are required to have in place a robust compliance programme. Legislation that provides for corporate criminal liability is on the rise and places effective compliance programmes as a key element. In addition, regulatory frameworks are changing rapidly and adapting to new forms of criminality linked to emerging technologies.

Compliance programmes in place are to be monitored and updated in accordance with regulatory changes. For a compliance programme to be effective, it must not disrupt day-to-day operations.

In addition, it is also important for businesses that operate in more than one jurisdiction to obtain counsel on local and international compliance requirements as well as their effective implementation.

The importance of having an effective compliance programme lies first and foremost in the criminal liability of a legal entity in case a criminal offence is allegedly committed. In addition to deterring wrongdoing by an entity’s internal and external workforce, having a solid compliance programme in place can act as a defence against a company’s alleged criminal liability. For instance, Article 31bis.2 of the Spanish Penal Code provides that an entity can be exempted from criminal liability if, prior to the commission of the crime, it adopted and implemented an effective compliance programme, along with the other conditions established therein. Article 31bis.5 of the Spanish Penal Code sets out the requirements that a compliance programme must meet to be effective.

Spain is by no means the only country whose legislation provides for such a defence. Indeed, in the UK and the US this is known as the adequate procedures defence. In several countries, the establishment of an effective compliance programme that meets national minimum requirements can exempt a company from criminal liability, and/or act as a mitigating factor.

Nonetheless, a simple box-ticking exercise is not enough. Instead, in order to establish a solid corporate governance framework, it is essential that a company’s management instils a culture of integrity.

Our lawyers have experience in advising clients, including financial institutions, on regulatory requirements as well as the formulation and implementation of compliance programmes in various jurisdictions, including Spain, France and the United Kingdom. Furthermore, our global network of local law counsel allows us to successfully assist clients who carry out cross-border transactions and operate in different countries.

2. Data protection

Compliance with data protection regulations has become of paramount importance since the entry into force of the European Union’s General Data Protection Regulation (GDPR). Most professional or commercial activities process personal data and are subject to the GDPR and national legislation on data protection. Infringements of the GDPR may attract fines of up to €20 million or 4% of the infringing undertaking’s worldwide annual turnover, whichever is higher.

Whilst the GDPR only applies in the territory of Member States of the European Union, several countries adhere to the Regulation’s standards.

Our team has experience in assisting clients in formulating and implementing a compliance programme that meets the requirements of the GDPR, as well as policies and procedures. Our lawyers are also experienced in advising on day-to-day matters such as subject access requests, deletion requests and data breaches, and in handling complaints from individuals and regulators. In addition, the firm also advises on GDPR-compliant contractual clauses. We are also prepared to assist our clients in ensuring that any transfer of data out of the European Economic Area is GDPR-compliant.
