Transaction Due Diligence - Privacy and Security Review
October 12, 2021
Transaction Due Diligence - Privacy and Security ReviewDownload Service Sheet
Driven by strict global privacy regulations and increased severity of data breaches, many businesses today are prioritising privacy and security of their data. As more transactions involve valuable data assets, privacy and security are now critical components in due diligence. But unaddressed data risks can significantly impact valuations, deal value and risk allocation profiles.
Combining industry-leading global privacy and security specialists with transaction and valuation experts, FTI Consulting can help protect your transaction by assessing and documenting key data assets and addressing privacy risks during your transaction due diligence.
Building Privacy and Security Into your Due Diligence
The modern data environment poses significant difficulties in due diligence:
- Data assets are a source of value, and must be identified and as such
- Rapidly evolving and increasingly active regulatory environment means that lawfulness of data acquisition and proposed data uses cases may be difficult to assess. Target companies could be carrying unidentified or unmitigated privacy and security compliance risks.
- An increasingly damaging trend of malicious cyber attacks and data breaches mean that acquisition targets will increase the risk for the acquirer and could introduce security risks. Unreported or undiscovered security breaches, or unmitigated security risks may have a significant effect on transaction value.
Understand The Data Risks in a Transaction
FTI Consulting’s multidisciplinary Information Governance, Privacy and Security team can help you quickly and defensibly identify and document data risks in transaction due diligence by:
- addressing the compliance landscape, and assessing applicability of data protection laws around the globe
- reviewing and assessing adequacy of privacy and data governance frameworks, policies and procedures
- mapping data flows, and identifying critical IP and key risk areas
- valuing information assets to support negotiations
- assessing key third-party arrangements and third-party risk
- researching and draft due diligence memoranda
- planning and implementing post-acquisition integration work.
Click here to read the full service sheet