GDPR and other risks when acquiring a business

When acquiring a business there are a huge range of factors that need to be considered

Ever present is the risk of an undiscovered liability that is not factored into the legal documentation encompassing a transaction. This can potentially leave the new owners exposed to financial and business risks.

With the increased onus for businesses to protect consumer/customer private data since the adoption of the General Data Protection and Regulation (GDPR), companies are now having to tighten their procedures for managing and keeping this data secure.

Some businesses are falling short of the requirements of GDPR

As seen in the recent Marriott Case, the hotel group was fined following a personal data breach where 399 million guests’ records were stolen which was sourced back to a system compromise in 2014. The Information Commissioner’s Office said Marriott had “failed to undertake sufficient due diligence when it acquired Starwood and should have done more to make sure its IT systems were secure”.

This demonstrates that even historical breaches preceding the implementation of GDPR can give rise to hugely costly fines.

GDPR risks to an acquirer

Proper financial and tax due diligence can help identify these issues and therefore assist in creating explicit protections for the acquiring party when legally documenting a deal.

Roffe Swayne offer a tailored due diligence service that allows acquiring parties to focus on the key risk areas and utilise our vast transaction experience in many areas.

If you are considering acquiring a business, please feel free to get in touch.

For more information

For more information on acquiring a business, please contact either:
Chris Brazier, Anu Tayal or James Wood, or call us on:

01483 416232