Visit fondia.com
The content concerns Finnish legislation.
 

Personal Data in Mergers and Acquisitions

Nearly all companies collect notable amounts of personal data on their customers and employees as part of their business activities. These data sets can be valuable in a business transfer, merger, share sale or other acquisition, because they usually have effects on the value and continuity of the company’s business.

To the extent the data sets contain personal data, there are certain points to consider before any personal data is disclosed to potential buyers:

  1. Under what conditions can personal data related with the object of transaction be presented to buyer candidates before the transaction; and

  2. Under what conditions can such personal data be transferred at a later stage to the buyer as part of the transaction.

Typically, at least some data on company personnel is disclosed to buyer candidates in the course of acquisition negotiations. It is necessary to obtain necessary non-disclosure commitments from the candidates (either under separate non-disclosure agreements or a letter of intent) before any personal data is disclosed, to ensure that the personal data is processed lawfully.

The disclosing company should also evaluate the amount of personal data it intends to disclose to a buyer candidate. In general, this question arises in connection to the disclosure of personal data pertaining to employees and the company’s consumer customers.

During the negotiation phase, it is recommended to disclose information on employee salaries in an aggregated and summarized form instead of specifying individual salary data. The same rule of thumb applies to other personal data as well: as a ground rule all personal data should be provided in an aggregate form so that it cannot be connected to any individual employee.

However, it is possible to provide more detailed information on key personnel already during the negotiation phase. Primarily, this should be done with their consent.

With the closing of the acquisition all personal data files which are part of the transaction are normally transferred from the seller to the buyer, so that the privacy policies become binding on the buyer in relation to relevant data subjects. Data subjects should be informed of the acquisition when it is completed.