US buy and sell sides will be forced to take extra due
diligence measures to ensure compliance with the upcoming
General Data Protection Regulation (GDPR).
According to Davis Polk & Wardwell partner
Leo Borchardt, for an M&A practitioner, it's no longer
a box ticking exercise or a minor due diligence question about
"Just as companies are pursuing deep-dive data security due
diligence and compliance due diligence, if you are dealing with
a target which processes data that may be subject to the GDPR,
you will focus on GDPR," he said.
The regulation comes into effect on May 25 and tightens up
privacy and security standards with fines for breaches or
non-compliance as high as €20 million ($17.5 million) or
four percent of global revenue. Additionally, and in contrast
to existing data protection rules, the legislation has
extraterritorial scope in that it will...