With just over a year since the EU General Data Protection Regulation (GDPR) came into force, there are still many in the dark as to what they can and can’t do with data, especially with those who are buying and selling businesses – it is becoming abundantly clear that there are many lacking adequate privacy policies. As a result, advisers and lawyers are now urging clients to consider privacy as early as possible during the pre-transaction process to avoid any issues which may occur once a deal has been completed.

During the accounting due diligence process, the focus is on the risk management procedures of the business. Risk management is a determination of how business owners have safeguarded a company’s financial or business assets from various negative business situations. Privacy will normally be dealt with at this stage which gives the seller an opportunity to disclose the extent to which they are GDPR compliant including details of any known data breaches.

Businesses who are acquiring a business need to be aware of vulnerabilities in the security network of the organisation they are buying, as these can be transferred along with other regulatory and non-compliance issues.

Cybersecurity is a huge risk for all parties as many companies rely on cloud and digital storage and do not fully understand how that information is shared or who has access to it. Also, many do not understand what information has been transferred to personal or company-owned devices. Attackers are always on the look-out for security vulnerability during a business acquisition. A recent data breach has highlighted this: Marriott International Data Breach.

If you are selling a business there are important GDPR concerns that you need to be aware of. During the due diligence process there are risks of data and privacy breaches when sensitive information is shared between potential buyers.

We would advise businesses who are looking to sell their business to be prepared well in advance by ensuring all documents relating to the transaction are stored in a safe and secure purpose built platform. You may think a transaction is straightforward however you should always use external help. External advisers are specialists in the Merger and Acquisition process and will be able to assist you when it comes to finance, tax and legal matters. They can also help you to stay informed and ensure your company is compliant with GDPR during the due diligence process.

If you require advice on buying or selling a business, please contact the team on 0161 761 5231; or email theteam@horsfield-smith.co.uk.