Due Diligence Playbook - GDPR Compliance
- Discover: Assess the current state of personal data processing within the target.
- Plan: Discover how the target is planning to drive the organization towards full GDPR compliance.
- Protect: Assess how the target is taking measures to protect all identified personal data.
- Enhance: Assess the state of a target’s ongoing compliance program privacy assessments.
GDPR applies to any company located in the EU, or holding, using or processing personal data about individuals located in the EU. The penalties for failing to comply can be severe, including a fine of up to €20m or 4% of annual group turnover (whichever is greater).
Since 25th May 2018, acquirers need to engage in a much more comprehensive due diligence process to fully assess a target’s compliance with GDPR. Understanding how a target collects, stores, uses and transfers personal data, as well as the details of any historical data breaches, is now vital in understanding the valuation and risks associated with a transaction.
The goal of the Midaxo GDPR Due Diligence framework is to help companies manage security and privacy effectively so that they can demonstrate compliance with GDPR and reduce their potential exposure to fines. The Midaxo GDPR due diligence playbook will guide you across a target’s GDPR journey – from readiness to ongoing compliance.
Set your GDPR due diligence apart from the competition using Midaxo and the dedicated GDPR due diligence Playbook. It is designed and updated by GDPR experts to ensure you are aware of the latest changes to regulations, etc.
It is essential to understand the level of a target company’s GDPR compliance as this can have a material impact on the cost of the acquisition. If the company being acquired is in a poor state, this could lead to significant exposure and a lot of expense and work to put the appropriate protections in place.
It is also critical for an acquirer to conduct a gap analysis to assess the target’s GDPR readiness so that they understand what work will be needed post-completion to bring the company into a state of full compliance. The purchaser will need to assess not only the risk of non-compliance but also the cost of any changes, in particular any systems-based changes required.
The playbook includes 48 sample documents to illustrate the level of compliance a target should be maintaining across GDPR.
A comprehensive GDPR framework to benchmark a target’s GDPR compliance against.
*Note: The Due Diligence Playbook for GDPR Compliance is available to Midaxo customers at an additional cost.