Interesting article by Floris ten Have looking into a recent fine made by the Dutch competition authority. Although, a specific Dutch example, I am sure that this would resonate across most, if not all, European (and wider) jurisdictions which have similar rules and regulations.
This decision confirms that cooperation needs to include the actions taken by individuals when a "raid" is taking place - and therefore can have consequences later in the process. The first point to make here is the importance of staff training and awareness around how to act in response to a raid - what to do and what not to do. This obviously needs to extend into data and technology. Carrying out mock dawn-raids as well as training can often help this process as it gives people a more real experience and allows companies to see how their teams react.
The second point is to make sure you carry out your own independent exercise to capture and analyse data and record to help respond to the regulator in a timely manner. This can help: raise issues before the regulator raises them with you; thinking around how to reply/defend; and consider any applications for leniency. Therefore, once the regulator has left, or even before, this exercise should be commenced to ensure that you are appropriately armed and prepared.
This sort of issue is only going to become more common as data becomes more and more central to a regulator's inquiries.
Companies should be aware that the Dutch competition authority (ACM) will not only examine electronic records and emails, but can also check WhatsApp messages during dawn raids. The ACM recently imposed a fine of EUR 1.84 million on a company for non-cooperation with a dawn raid; its highest fine so far for non-cooperation. Several of the company’s employees had left WhatsApp groups and deleted chats before handing over their mobile phones for inspection.