Register Online - Add to Cart


Product ID: 406821EAU

Influence of EU GDPR and New California Privacy Law

OnDemand Webinar (89 minutes)

Violations of the GDPR and CCPA can result in serious liabilities.The EU's General Data Protection Regulation (GDPR) and California's Consumer Privacy Act (CCPA) impose new data privacy obligations and restrictions, at times with extra-territorial scope. Violations of these laws can result in serious liability for U.S. companies even after a merger or acquisition has occurred. Even so, many U.S. companies have not come into full compliance with the GDPR an CCPA, which can result in new liabilities and risks during M&A deals. This topic helps the persons involved on buyer and seller sides of M&As understand the applicability of the GDPR and CCPA to U.S. companies and how to incorporate data privacy compliance into M&A preparation and due diligence. The material also explains how data privacy risks can be addressed in relevant M&A documentation and post-deal integration and system management. As data privacy regulators enforce these new laws and individuals become more familiar with their new data privacy rights, this information is critical for businesses to ensure that their M&A processes protect parties from inadvertent noncompliance.


Oliver Krischik, GKG Law, P.C.


Overview: Influence of EU GDPR and New California Privacy Law

• Data Privacy in Manda Deals

Overview of GDPR and CCPA


- Extraterritorial Scope

- Liability

- Lawful Basis for Processing

- Privacy by Design

- Data Subject Rights

- Breach


- Scope

- Liability

- Consumer Rights

- Consent

- Data Protection

- Breach

Early Stage Activities

• Data Privacy Review (Sell-Side Perspective)

- Identify Applicability of GDPR and CCPA

- Data Mapping

- Identify Gaps and Deficiencies

• Due Diligence (Buy-Side Perspective)

- Designate Party to Audit Data Privacy Practices

- Review Data Mapping

- Pre-Existing Liability and Breaches

Identifying Key Risks

• Privacy by Design (Systemic Issues)

• Data Transfers

• Integrating Data Systems

• Deficient Compliance Procedures

• Breaches

• Unlawfully Processed or Sold Data

Representations, Warranties, Indemnities

• Reps and Warranties

• Indemnities

• Data Privacy Provisions

Ancillary Documents

• Privacy Notices

• Consent Records

• Processing Records

Post-Deal Considerations

• Updating Data Subjects

• Transitional Services (Integrating Data Systems)

• Managing On-Going Use of Databases

• Preserving On-Going Controls

• Updating/Improving Procedures and Controls