Internal investigations are undergoing significant development within French companies, notably due to the adoption of the Sapin 2 Law on transparency, the fight against corruption and the modernisation of economic life which came into force on 1 June 2017.
Since 25 May 2018, those responsible for running investigations must also bear in mind the data protection requirements articulated under the General Data Protection Regulation (GDPR). Two years after the implementation of the new Regulation, the time has come to take stock of the areas of tension between the objectives pursued by commercial operators when running an internal investigation, and their duty to protect personal data under GDPR.
