Dealmakers struggle with tech M&A due diligence

Author: Karry Lai | Published: 27 Feb 2019

Technology M&A deals require a different due diligence process to traditional M&A, especially for data privacy issues, in-house lawyers tell IFLR. Dealmakers must be hyper-aware of limiting data access to avoid snares in complex technology M&A.

The EU’s General Data Protection Regulation (GDPR) now requires companies to demonstrate that they have fulfilled the 'privacy-by-design’ obligation in particular, according to an in-house lawyer at a medical technology company. This part of the regulation requires that the absolute minimum level of data is collected from tech users and, if this is not feasible, that the company conducts a data impact assessment, along with various other legal obligations.

The extraterritorial impact is severe – so companies all over the world must comply.

"It’s important to realise that data privacy due diligence is not a tick-box exercise," said Joshua Cole, managing partner of...