Data Privacy Laws May Create Dilemma for Sanctions Compliance, Says Consultant
The advent of data privacy laws, such as Europe's general data protection regulation, creates a "potential tension" with trade sanctions compliance, said Ramsey Kazem of Spark Compliance Consulting Thursday at the American Association of Exporters and Importers Conference. GDPR and other laws in various stages of implementation in U.S. states "tend to be very protective and restrictive on how you use personal data," he said. This may "often conflict with sanction laws, which requires companies" to do "more with the personal data that they possess in terms of screening their third parties, screening their business partners, screening their customers," said Kazem. "So it's not difficult to see how the GDPR" and other data privacy restrictions "could conflict with, for example, U.S. sanctions laws." Further complicating the issue for companies is that "neither the U.S. nor the EU recognize the other's laws as a legitimate basis" for not complying, he said. Companies will need to examine the potential risks of such a conflict, Kazem said. "In some instances there may not be an easy answer and a company may be forced to choose between the lesser of two evils." As a result, data privacy considerations "must be at the table" while a company is developing a sanctions law compliance program, Kazem said.