In recent months we have lived with all kinds of news and articles related to the new RGPD and the security of personal data. But there are other lesser-known measures that every company must also take into account to avoid sanctions. Today we talk about the prevention of crime in the company, which also affects technology companies or digital base.
To deal with the issue, we have an expert lawyer in data protection and crime prevention in the company. Sign this article Carlos Adriaensens Cárdenas, Consultant and trainer RGPD.
The corporate compliance of the company on the Internet
Relatively recently, the Spanish legislation contemplates the criminal liability of legal persons. The reformed Penal Code and, more specifically, the Organic Law 1/2015 delimit the legal framework related to this corporate criminal liability.
Before the possible question of can, a legal person be criminally liable? The answer is yes. Until the entry into force of these new regulations, the criminal responsibility fell on the administrator or administrators of the company. Now, it is the entity or company that assumes criminal responsibility. And, although it is evident that a legal entity can not serve a penalty of deprivation of liberty, it can be imposed a sentence of suspension of exercise that can reach up to three years. Or, in the worst case, to a definitive suspension, dissolution, and extinction of the responsible company.
The criminal responsibility of the digital company
Let’s give an example of the above directly related to the technology sector. Suppose that a company has in its computer security department with a worker who manages to circumvent the security of the computer equipment of a company of the competition. He does this with the purpose of finding out confidential information for the benefit of the company for which he works.
In this case, the worker would be accused of a crime. But so would the company he works for.
How to prevent crimes in the company
How can we then avoid these situations or mitigate the possible effects of a condemnation of the company? Corporate compliance or ‘corporate regulatory compliance’ comes into play here. The name by which the system of organization and management is known that a company must implement to avoid or mitigate its criminal responsibility before the possible commission of crimes.
The company must implement a system for the prevention and detection of crimes in the company. And it is that the Law comes to say that, if a worker commits a crime in favor of the company and this company has implemented an effective crime prevention program, the judges may consider these measures as mitigating or even exempting the penalty.
In this system of crime prevention or regulatory compliance, companies must appoint a Compliance Director or Compliance Officer. Something those smaller companies, in whose organizational chart this figure does not fit, can outsource to specialized consultancies. In a similar way to how to act on issues related to personal data protection.
Among the actions to be carried out to implement this program, it will be necessary to establish a risk map, adopt a model of management and administration of financial resources following the legislation and establish a disciplinary system together with an internal complaints channel.