Insider information, GDPR and the impact on M&A, Capital Markets and BRS transactions

04/03/2020

Insider information, GDPR and the impact on M&A, Capital Markets and BRS transactions

GDPR breaches have enormous consequences for M&A, Capital Markets and BRS transactions. GDPR regulations impose criminal and civil sanctions for breach, have a high likelihood of enforcement action by regulators, carry significant fines, and run the risk of severe reputational damage to clients and their advisors.

It’s not only the threat of personal data breaches under GDPR which can cause lasting damage. Price-sensitive, highly confidential information, if leaked, can have severe repercussions on your deal and can also result in criminal and civil sanctions.

Yet many companies and their advisors don’t pay enough attention to the business practices of suppliers of services such as financial printing, virtual data rooms and online investor roadshows, who routinely handle both personal data and price-sensitive or ‘insider’ information.

How does B&C differ from its peers?

Outsourcing

Unlike almost all of our peers, we don’t outsource critical functions such as typesetting, proofing or data personalisation. At Black&Callow, these essential functions are undertaken entirely in-house in London by our skilled typesetters and DP specialists, strictly controlled by our confidentiality policies and in a controlled environment. This means greater information security and confidentiality, as well as flexibility and control, throughout the process.

Offshoring

Offshoring these services overseas may mean that other suppliers can offer cheaper prices. It’s worth bearing in mind, though, that not only do you have no idea who’s handling your sensitive data, but also accuracy invariably suffers when English is not the sub-contractor’s first language. And that means more mistakes, a slower process and the risk of jeopardising your deal.

Transparency & data retention

We have strict rules about data retention which tie-in with our policies of retaining key services in-house. Data is stored in line with our strict GDPR guidelines only for as long as it’s needed, then is securely deleted or destroyed: that applies to everything from confidential proof documents during in-house drafting sessions, to personalisation data needed for shareholder mailings. This policy can be found on our website.

Data room considerations

Black&Callow’s data room partner, Intralinks, has the highest security accreditation in the market. Intralinks’ security model comprises six disciplines and technologies that include data sovereignty, governance and compliance, and four security levels: file, application, platform and operations. Together, these provide clients with the processes, controls and reporting required to safeguard their data and operations while exceeding regulations and reducing risk.

For more information about how we can ensure your deal has the greatest possible security, contact Chris Callow or Tim Black on +44 (0)20 3794 1720.

Back to News