From operating a virtual data room to evaluating a target's data protection compliance status – corporate M&A transactions are impacted by the General Data Protection Regulation (GDPR) on many levels, especially the due diligence process. 

First, sellers often seem to struggle to take a GDPR-compliant approach when establishing and operating a virtual data room and disclosing documents containing personal data therein. We have prepared a short overview on what sellers should bear in mind from a data privacy perspective before opening the virtual data room to potential bidders.

Second, with the GDPR in full effect, it has become imperative for purchasers to evaluate the target's data protection compliance status in course of their due diligence exercise. Otherwise, purchasers risk acquiring a non-compliant business and thus to buying into the hazard of serious fines or law suits from data subjects. We have prepared a short overview on what purchasers should have a look at to be able to assess the target's data protection compliance status.

The overviews have been prepared in the format of A3 placemats and are available for download under the following links: