This Week in Compliance: German Authorities Announce Random GDPR Compliance Audits

Laura Sayer
Laura Sayer


  • Google drops out of USD 10 billion Pentagon tender over ethics concerns: Tech giant Google announced on Monday that it has decided not to compete for the Pentagon’s USD 10 billion contract after it determined the project may conflict with its internal values. The company had already decided a few months ago to refrain from renewing another contract with the Pentagon for an artificial intelligence project, following extensive employee protests about the project. Google has now implemented a set of principles which it uses to evaluate the kind of AI programs it wishes to pursue. The company further criticized the project for allowing only one winner, rather than splitting the project among a number of providers.
  • EU banking watchdog examining Danish handling of Danske Bank: Danske Bank, Denmark’s biggest bank, continues to face scrutiny over the money-laundering allegations involving its Estonian branch. The U.S. Department of Justice announced last week that it was investigating the bank over the money-laundering allegations. The European Banking Authority (EBA) also announced this week that is launching an inquiry into Denmark’s financial watchdog over its supervision of Danske Bank. The EBA has the authority to make recommendations that national supervisors are required to follow. Danske Bank revealed last month that over USD 200 billion in possible tainted money flowed through its Estonian branch.


  • Interpol president detained in China on bribery charges: China’s Security Ministry announced on Monday that Meng Hongwei, now former president of international policing agency Interpol, has been detained over vaguely worded bribery charges. The revelation comes after French authorities announced last Friday that they had opened an investigation after Meng had been considered missing for 13 days. Meng’s wife had said on Sunday that the last message she received from her husband, on his trip to China, before his disappearance was a knife emoji, leading her to believe he is in danger. It is unclear what will happen to Meng.
  • Another former South Korean president jailed for corruption: Lee Myung-bak, South Korea’s former president, received a 15 year prison sentence and a fine of USD 11.5 million for corruption. Lee is only the latest high-ranking South Korean official to have faced such charges recently; his successor Park Geun-hye was sentenced to 25 years of imprisonment in another corruption scandal which saw her ousted from office last year following months of protest. Lee was convicted over charges of taking millions of dollars in bribes from businesses as well as using an auto parts company as a channel to embezzle tens of millions in additional funds.
  • Former French President Nicolas Sarkozy loses first appeal in corruption case: Nicolas Sarkozy, former president of France, lost his first appeal in a case over influence peddling and corruption charges on Monday. Sarkozy was France’s president between 2007 and 2012; he now stands accused of aiding in the promotion of a prosecutor in exchange for providing leaked information about another criminal inquiry. The investigation is one of a number that have been started since his election defeat in 2012; the allegations include corruption, fraud, favoritism, and campaign finance irregularities. Sarkozy will have to await the second appeal decision in the case before knowing whether he will be formally charged.


  • German authorities announce random GDPR compliance audits: The Data Protection Supervisory Authorities (DPAs) in the states of Lower Saxony and Bavaria announced that they intend to carry our audits at random to check GDPR compliance. The DPA for Lower Saxony sent questionnaires to about 50 companies back in July 2018 with questions concerning GDPR compliance. The agency expects companies to respond with detailed documents, rather than supply high-level responses. The questionnaires are used by the DPA to identify further areas for targeted audits as well as areas where the agency can supply guidance and support. The main purpose of the audits does not appear to be to punish and impose fines. Bavaria’s DPA has announced similar audits.

Get our newsletter for the latest compliance insights