GDPR will impact US M&A

Author: John Crabb | Published: 4 Apr 2018

US buy and sell sides will be forced to take extra due diligence measures to ensure compliance with the upcoming General Data Protection Regulation (GDPR).   

According to Davis Polk & Wardwell partner  Leo Borchardt, for an M&A practitioner, it's no longer a box ticking exercise or a minor due diligence question about data protection.

"Just as companies are pursuing deep-dive data security due diligence and compliance due diligence, if you are dealing with a target which processes data that may be subject to the GDPR, you will focus on GDPR," he said. 

The regulation comes into effect on May 25 and tightens up privacy and security standards with fines for breaches or non-compliance as high as €20 million ($17.5 million) or four percent of global revenue. Additionally, and in contrast to existing data protection rules, the legislation has extraterritorial scope in that it will...