Are you at risk from your suppliers mishandling data breaches?
I’ve seen a few suppliers make classic errors dealing with breaches in their client’s data. Here are the top three errors suppliers make and 5 suggestions to avoid them!
So, you’ve been waiting for years for this. You have built your company up, done all the right things and finally an offer comes in the door from a prospective purchaser. They are just the right fit – a multi-national organisation saying all the right things with an offer that might just see you sitting on that island in Bermuda after years of hard slog.
The data room is set up and the purchaser starts the due diligence phase. It’s ok – you’ve got all this covered. But wait...there’s a full page of due diligence questions on data protection!
When it comes to the GDPR, many companies are operating a “surface-level” compliance strategy. They might have updated their privacy statement (Marie explains just how important this is here), provided some basic training for employees and maybe put a Data Protection Policy in place. That’s it – JOB DONE, what was all the fuss about?
Many of Fort Privacy’s clients are preparing for M&A activity or are currently in the hot seat in the due diligence phase. The due diligence process asks in-depth questions: not simply whether you have documentary evidence of compliance, but whether you can demonstrate compliance in practice.
Here is a summary of the 12 most common M&A due diligence questions when it comes to data protection. How well can you answer these questions?
It would be more than a little bit difficult to get past these questions with just a privacy statement and some training. Any prospective purchaser is going to want to know that you have your house in order.
At best, it’s going to affect the purchase price and/or the warranties being asked of the seller because (i) the purchaser has a big job to do after the acquisition and (ii) the acquisition will be viewed as a much riskier proposition.
At worst – the purchaser walks away. There’s always a possibility that a nervous purchaser with doubts over the acquisition might walk away if the due diligence responses are not up to scratch.
There are lots of reasons why it’s a good idea to be more than surface-level compliant with the GDPR. In the M&A playing field, where there’s always another company competing for that golden opportunity, it’s vital to put some real work into your GDPR compliance programme; it will save you a lot of heartache in the long run. Contact Us if you need help with getting M&A ready. We can assess your current compliance levels and get you well-positioned to answer the hard questions.
When a prospective buyer in a merger or acquisition is doing their due diligence on the seller, part of this process will invariably be a full page of questions on data protection. Avoid the common pitfalls by downloading our guide on due diligence.
The General Data Protection Regulation is “risk” based legislation. This means that the protective measures an organisation implements should correspond to the level of risk associated with its data processing activities. It’s worth noting that the risk to be considered here is the risk to the data subject, as opposed to the risk to the business of non-compliance.
Data Protection Programmes are all the rage these days. It’s great to see the compliance conversation moving in this direction. As a Data Protection Officer (DPO), I know the difference between working with a solid data protection programme and working with none at all.