GDPR affects your mergers & acquisitions too

GDPR affects your mergers & acquisitions too | Monday 23 April 2018 | 2 min read

Acquiring or merging with another organisation means expanding the personal data you hold, whether related to employees, customers, suppliers or other individuals. This puts you in the General Data Protection Regulation spotlight, so here are three things to bear in mind.

Personal data due diligence

Due diligence gives you a clear picture of the organisation you are acquiring or merging with, and assessing their personal data is now a crucial aspect. You need to identify the full scope of what they hold, and whether consent to hold the information has been obtained from each individual. If not, it will be necessary to have another legal basis for processing the personal data.

Unambiguous consent

If due diligence exposes consent gaps, filling them becomes a priority. But if you are acquiring an organisation rather than merging with it, you need to reconfirm consent where appropriate. That’s because the change in ownership makes you the new ‘data controller’. Remember that consent must now be freely and unambiguously given. That means writing to each individual and asking them for permission to hold and process their data in the absence of having any other legal basis to process the data.

Data breaches

When undertaking due diligence, get assurances that the organisation you are acquiring or merging with hasn’t suffered any data breaches that they know of. You also want to know the details of any successful cyberattacks or information mishandling incidents that could have led to a data breach. With the threat of greatly increased fines under GDPR, you need to be extremely careful about the ‘privacy risk’ you are taking on.

SA Law has extensive resources to help you meet the requirements of the General Data Protection Regulation. Click here to learn more about them. 

Continue reading

  1. Insight

    Approval Granted: Six-Month Qualifying Period for Unfair Dismissal

    by Chris Cook and Eloise Hopping

    View Insight

  2. Insight

    Employment Rights Bill: Consultations Launched

    by Emily Morrison and George Fell

    View Insight

  3. Insight

    Employment Rights Bill: Parliamentary Ping-Pong

    by Emily Morrison and George Fell

    View Insight

  4. Insight

    ACAS extend early conciliation period

    by Chris Cook and George Fell

    View Insight

View more related insights