Has the data privacy authority issued any guidance on data privacy compliance in the context of transactional activity (including, but not limited to, share sales, asset sales, reorganizations or spinouts)?
Last review date: 20 December 2024
No
In the context of an asset sale (the sale of a separate business unit as a going concern), does the acquiring entity inherit liability for pre-acquisition data privacy or cybersecurity breaches (connected with the assets that are the subject of the asset sale)?
Last review date: 20 December 2024
No
In the context of a share sale (where the acquiring entity acquires 100% of the shares of a target company), does the acquiring entity inherit liability for pre-acquisition data privacy or cybersecurity breaches (connected with the target company)?
Last review date: 20 December 2024
No
Liability for pre-acquisition data privacy and/or cybersecurity breaches generally remains with the target company. The acquiring entity does not assume this liability by acquiring the shares in the target company. However, the acquiring company would typically seek warranties and/or indemnities from the seller regarding potential liability or loss resulting from non-compliance with data privacy requirements or data privacy breaches that occurred prior to the acquisition. This is to protect and compensate the acquiring company for any pre-acquisition data privacy or cybersecurity breaches connected with the target company.