With an ever-growing public awareness of the implications of data privacy (or rather, lack of data privacy), increased emphasis on best data practices is likely to influence mergers and acquisitions (M&A) in 2018 and beyond. Different jurisdictions have opted for varying kinds of regulations, each of which may affect transactions in unique ways. In particular, the European Union (EU) is preparing to implement new, strengthened data privacy regulations in 2018.

Looking ahead, the EU is now poised to implement the General Data Protection Regulation (GDPR). Implementation is expected to occur on May 25, 2018. The GDPR purports to regulate the personal data of EU citizens. In the M&A sphere, data privacy due diligence will become even more critical, as acquirers must evaluate how the target company collects, stores, uses, and transfers personal data.

What can acquirers look for to evaluate the target company's data practices?

During its due diligence, an acquirer should consider whether there is or has been:

  • Complete disclosure and understanding of the movement of the target's data between different locations, including different jurisdictions which may have different laws;
  • Privacy by design, meaning an approach to design that considers and integrates privacy at all stages of the design process;
  • Maintenance of a comprehensive and up-to-date data security strategy to responsibly manage and protect the personal data collected by the target; and
  • Risk assessments by the target regarding the risks posed by collection, storage, use, and transfer of personal data.

With five months remaining to prepare for the GDPR, now is a critical time for companies anticipating M&A activity involving the EU to brush up on their new legal obligations, and for all potential acquirers or targets to carefully consider their data privacy practices and ensure compliance with applicable data privacy regulations.

The author would like to thank Kassandra Shortt, Articling Student, for her assistance in preparing this legal update.


About Norton Rose Fulbright Canada LLP

Norton Rose Fulbright is a global law firm. We provide the world's preeminent corporations and financial institutions with a full business law service. We have 3800 lawyers and other legal staff based in more than 50 cities across Europe, the United States, Canada, Latin America, Asia, Australia, Africa, the Middle East and Central Asia.

Recognized for our industry focus, we are strong across all the key industry sectors: financial institutions; energy; infrastructure, mining and commodities; transport; technology and innovation; and life sciences and healthcare.

Wherever we are, we operate in accordance with our global business principles of quality, unity and integrity. We aim to provide the highest possible standard of legal service in each of our offices and to maintain that level of quality at every point of contact.

For more information about Norton Rose Fulbright, see nortonrosefulbright.com/legal-notices.

Law around the world
nortonrosefulbright.com

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.