Lawyers have a role to play in ensuring clients adopt a culture of business ethics rather than merely taking steps to avoid criminal offences
It will become increasingly common for Spanish companies to create in-house compliance departments to meet the requirements of data protection legislation, though it is important they include previously accredited compliance officers, says Pedro Jiménez Rodríguez, partner at Lener.
“In terms of the biggest developments in 2017, it was a key year in the compliance sector in Spain with regards to the UNE 19601 standards,” he says, referring to the criminal compliance standards that IBEX 35 companies are currently implementing, and with which their suppliers will have to comply. “However, once the first stage of the criminal compliance programme has been implemented, we must then develop a second stage, which will be much more complex and challenging,” he says. “It includes helping clients to build a real culture of business ethics that respects the commitments in general terms and not only the criminal rules.”
However, according to Jiménez Rodríguez, the General Data Protection Regulation (GDPR), which concerns data protection and privacy for all EU individuals, will be the biggest opportunities for law firms. “It is providing an opportunity for firms like ours to adapt client processes to new requirements, especially with regards to sectors such as health, entertainment and transportation,” he says. In addition, Jiménez Rodríguez predicts an increasing trend for companies to create in-house compliance departments. “Whether they are collegiate or individual bodies, it will be of great importance that internal or external professionals previously accredited as compliance officers are part of these,” he says. “In this regard, this year and in the years to come, it will be increasingly necessary that these professionals have knowledge and skills duly certified by a compliance association after rigorous exams.”