The data explosion and M&A

D&I Quarterly Q3/2019

Posted on

21 Oct

2019

Share this

D&I Quarterly

Welcome to our newest edition of
D&I Quarterly.

This article is part of a selection of our experts’ articles published here at D&I Insight, our platform for insight into all the latest in law and business.

Key Insights

Sellers should keep the following in mind when starting to prepare for an exit:

  • Review the data flows and rights carefully to identify the transaction scope and possible need for data related arrangements
  • Ensure that your data room and the material itself demonstrates your GDPR compliance
  • Plan for the use of AI tools early on in the process – both on your end and on the other side of the table

Buyers benefit from the following actions:

  • Seek access to target management before starting the document review in order to understand the business and the use of the data
  • Plan your use of AI technologies, and request rights to utilize such technologies as early as possible in the process
Dittmar & Indrenius > Insight > The data explosion and M&A

The collection, use, commercialisation and transfer of data has grown exponentially during recent years and data has come into focus also in M&A-transactions. An increasing amount of transactional work evolves around data and the GDPR has put personal data questions on the top of many legal due diligence checklists.

The data explosion has changed, and will continue to change, the M&A deals we do and how we do them. More and more often, the data of the target is the key asset and the deal driver. The GDPR, providing supervisory authorities with extensive powers and involving risks of severe sanctions, has brought personal data and related GDPR compliance on the radar. In all transactions, regardless of the target’s business, the virtual data rooms have grown and the disclosure material has become more extensive, and performing due diligence manually is getting more challenging because of the large amounts of data under review.

Understanding the business and the use of the data

In deals where the data is an important or the most important asset of the target, it is paramount to understand whether the data can be used as intended post-closing and to identify any contractual or regulatory limits to the intended use or limits due to the collection of the data. Any hick-ups in the intended future use of data may threaten the entire deal as the commercial rationale falls away.

A comprehensive review of key data issues is almost impossible to undertake merely based on due diligence material, and should ideally be kicked off by interviewing target management to gain an understanding of the business and relevant data. Both the seller and the buyer must dig deep to identify any need for data licensing or other disclosing or separation of data in connection with the transaction.

Historical GDPR risks and showing compliance

Nowadays, privacy lawyers play an important role in M&A deal teams. The GDPR has forced focus on compliance with data protection laws, and even though no or very few targets can claim that they are fully GDPR compliant, it is highly important to identify risk areas and how these can be mitigated pre or post closing. Frequently, W&I insurance cannot be relied on to solve these types of issues, as data protection / GDPR exclusions are commonly seen in W&I insurance policies.

An important detail in showing compliance on the seller side is to think about the compliance of the due diligence process itself. This could entail making an effort in vetting VDR providers, especially their GDPR readiness; redacting personal data from the material; and ensuring that the target’s own privacy documentation allow the disclosure of personal data to a potential buyer.

Data rooms are growing – AI is on the rise

Data rooms are now larger than ever in size, and typically data rooms include thousands or tens of thousands of pages of legal documentation to be reviewed. The common view on the market is that AI and machine-learning technologies will have a transformative impact on M&A due diligence in the long term.

In Finland, widespread use of AI technologies is yet to be witnessed, but buyer requests to allow downloading of the data room materials for the purpose of utilising AI technologies are getting more common. The advantages of using AI technologies on the seller side in the compilation of the data room and in preparing vendor due diligence reports are obvious. My own prediction is that AI technologies will be used in all due diligence processes in some form within a couple of years.

Share this

Dittmar & Indrenius