Data Protection and Mergers & Acquisitions: Legal issues
The due diligence period of any merger and acquisition includes an analysis of risks of a potential merger or acquisition for both parties. The analysis focuses on legal, business and other issues that the acquiring party would have to deal with.
This article gives an overview of data protection legal issues arising in the due diligence.
1. The cross-border transfer of data
Would the merger or acquisition lead to the cross-border transfer of personal data? Would data cross the border of European union or would it be only within European union? Since the majority of non-EU legislation is less strict about the transfer of data, the crucial issue is the processing of personal data of EU nationals and resulting obligations in case of their transfer outside of EU.
3. The analysis of other party´s customers
Although many of these changes were not introduced, the example shows that the lack of an analysis of potential customers and their attitude towards data protection can have significant business consequences. That’s why, it should also be a part of proper due diligence.
4. Finding a best solution
5. The time period of a due diligence
In the same article, Hinkler focuses on another typical characteristic of mergers & acquisitions, especially in the area of technology. These mergers are usually very quick. According to Hinkler, the Facebook-Instagram deal took 2-3 days to complete. However, there is a reason why due diligence should last longer. Quick due diligence might result in problems similar to those described earlier. Otherwise, the word „due“ has no real meaning.
The article gave an overview of issues, specific to the personal data protection. Many of these issues are significant for mergers and acquisitions in the technology industry. However, the expectations are that the user awareness of personal data protection will rise. Therefore, personal data issues would become even more important in due diligence process.
What kind of problems have you experienced with personal data in mergers and acquisitions? Do you have any comments? Feel free to contact us and share your experience or comments.
Note: This article is intended as a summary of issues. Its purpose is not to provide legal advice or create an attorney-client relationship between you and the author of this article.