Why Every M&A Deal Should Include Data Privacy Due Diligence

Odia Kagan
Fox Rothschild LLP
Contact
LinkedIn
Facebook
X
Send
Embed

Fox Rothschild LLPMilk, meat, fruits, breads … and data protection.

These are the new food groups for your M&A deal.

Just 24 hours after the notice of intent to fine British Airways 183 Million GBP, the UK ICO issued an intent to fine Marriott International 99 Million GBP for a data breach that affected 339 million individuals, 30 million of them in the EU.

The breach in question was essentially “acquired” by Marriott in an M&A deal.

Key takeaway is – data protection, meaning information security measures, but also data privacy compliance, should be one of the key areas being investigated in any merger or acquisition due diligence inquiry.

Per ICO Commissioner Elizabeth Denham: “The GDPR makes it clear that organisations must be accountable for the personal data they hold. This can include carrying out proper due diligence when making a corporate acquisition, and putting in place proper accountability measures to assess not only what personal data has been acquired, but also how it is protected.”

Read the full ICO notice.

[View source.]

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Fox Rothschild LLP | Attorney Advertising

Written by:

Fox Rothschild LLP
Fox Rothschild LLP
Contact
more
less

Fox Rothschild LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide