Our recent survey of 500+ M&A practitioners across Europe, the Middle East and Africa (EMEA) revealed that the European Union’s (EU) General Data Protection Regulation (GDPR) was impacting M&A due diligence and, as a result, dealmaking activity, too.
GDPR, which came into force in May 2018, was not conceived with M&A in mind. Yet the demands it makes on companies to strengthen their data protection, policies and processes has major implications for acquirers and their targets.
Central Concern for Dealmakers
Those implications run through key phases of a deal – from the valuation of a target and the acquirer’s acquisition strategy, to the due diligence and post-acquisition integration process. GDPR has, therefore, become a central concern of dealmakers.
So much so, in fact, that over half (55%) of practitioners surveyed across EMEA said they had worked on M&A transactions that had not progressed because of concerns around a target company’s data protection and compliance with GDPR.
This is a striking statistic. However, the impact of GDPR varies by country across EMEA. While 73% of German practitioners, for instance, said they had withdrawn from deals due to concerns – the highest percentage of any country in EMEA – practitioners in the Middle East and Africa said the impact was less widespread. Interestingly, Italian practitioners said that GDPR was much less of an issue for them, too.
Where there is alignment in the views of EMEA practitioners is on the expected impact of GDPR on due diligence, with the resounding response being to increase the acquirer’s scrutiny of the data protection, policies and processes of target companies.
Although GDPR makes due diligence more complex and time-consuming, this enhanced focus on data can only be of benefit to acquirers.
Role of Technology
Importantly, technology has a role to play in managing this added complexity and supporting efficiency in the process. Technology can help ensure security and GDPR compliance in key parts of the due diligence process, too.
Indeed, with GDPR raising the importance of redaction, watermarking and permissioning controls in the due diligence process, virtual data rooms, replete with AI and analytics tools that support these capabilities, become an even more critical tool.