Share Purchase Agreement Data Protection

If the parties reach an agreement on the transaction after the due diligence period, they will sign a contract to seal the agreement. Such an agreement can be either a share purchase agreement, an asset sale agreement, or a combination of both. In the event that certain infringements have been found during the due diligence procedure, the buyer must verify, taking into account the gravity, whether it expects the seller to regulate such infringements before the conclusion or to bear the economic risks associated with them (such as fines or damages). In the case of infringements that can be corrected relatively easily (e.g. B no DSB has been designated), a condition precedent may be necessary to compel the seller to remedy the infringements before the conclusion of the transaction. In the event that, during the due diligence period, an identifiable risk, such as.B. The absence of data processing agreements, detected, could provide a solution to a specific compensation or price correction. Finally, risks of non-compliance with the GDPR that have not been detected during due diligence should be covered by a guarantee to ensure the accuracy of the measures taken or the current state of affairs, for example. B that the company fully complies with the GDPR, that no data protection disputes are ongoing or that no data protection violations have been found in the last three years. While the first two means of protection depend, on the one hand, on the importance of data protection, the breach itself and the negotiating power of the parties, on the other hand, and are therefore less widespread in practice, the data protection guarantee is a must in any M&A contract. With regard to the European General Data Protection Regulation (GDPR), it is highly unlikely that new European Commission (EC) Standard Contractual Clauses (SBS), which are standard in nature and “uniform”, could replace the case-by-case examination requested by the ECJ in its “Schrems II” decision for persons wishing to transmit personal data outside the EEA. Tax guarantees (in addition to the tax agreement) are due to the fact that once concluded, the buyer can benefit from additional protection for larger tax debts than he had anticipated after consulting the seller`s records (e.g. B the way in which tax allowances and reliefs were calculated).

When it comes to M&A transactions, there will always be a tension between compliance with data protection legislation and the need to ensure respect for business sensitivity and confidentiality, especially when it comes to listed securities. Ultimately, it`s a risk-based decision of what to hand over and when, that the seller has to make. Asset sales – The identity of the controller changes in connection with an asset sale and the persons concerned must be informed after completion. When the buyer receives personal data, he is obliged to provide a privacy policy to each of these persons within a reasonable time and, in any case, within one month. The Directive should contain information on the personal data processed and for what purposes, the relevant legal basis on which any processing activity is based, the extended rights of the data subject, which apply in accordance with the GDPR, the identity of all recipients of the data, including possible exports from the EEA, retention periods and the existence of an automated decision. The seller may want to agree on a prefabricated with the buyer to ensure that the buyer is ready to apply the new directive.. . .


Pin It