GDPR to have limited impact on M&A activity

Dealmakers believe that the new General Data Protection Regulation (GDPR) will likely only have a modest impact on M&A activity in the EU, according to a recent survey conducted by Merrill Corporation.

GDPR, the EU’s most significant overhaul in its privacy guidelines in more than two decades, will go into effect on May 25, 2018. The European Commission’s aim is to give citizens more control over their personal data by applying stringent standards in areas such as data consent and notification of breaches.

The survey suggests dealmakers are not daunted by the risk of serve penalties for non-compliance. Potential fines for businesses may reach 4 percent of annual revenue, or 20 million euros, whichever is higher.

Key findings

• A strong majority of respondents (80 percent) are highly to moderately confident in the ability of their organisation, and its vendors, to be fully compliant with GDPR.
• Nearly half of the survey respondents (46 percent) believe that GDPR will have very little impact on deal making, while 42 percent indicated it would have moderate influence as a business priority.
• Over half of the survey respondents (56 percent) do not believe that the EU will become less attractive for M&A activity because of GDPR; 26 percent of respondents indicated that, at this juncture, it is too soon to gauge what impact it may have on deal making.

“The survey results reflect a general view among dealmakers in Europe that GDPR, beyond its likely negligible impact on near-term M&A activity, will be an opportunity for businesses to closely monitor how data is being acquired, stored and shared,” said Hilary London, Merrill’s General Manager, EMEA. “Updated data protection laws also present new challenges for dealmakers, most notably the threat of heavy fines for non-compliance. For the most part, however, it is business as usual, with much of the framework to support compliance already in place for most organizations.”