Data protection during an asset deal

Since the assets are being transferred, so are usually the customers datasets which are administrated in databases. The new European General Data Protection Regulation (GDPR) clarifies how customer data has to be handled during an asset deal. This problem doesn’t arise during a share deal since the databases stay in the same company.

Under the directive No. 95/46/ES it wasn´t clear how the customers data has to be handled during an asset deal. It allowed the transfer of data if the interests of the customer didn´t outweigh those of the seller. The difficulty arose when it wasn´t clear whether the interests of the customer did outweigh those of the seller.

Under the new GDPR regime there is no doubt that customers have the right to object to the usage of their data. Any previous consent for data processing can also be withdrawn at any time. If neither is the case it is possible to transfer the customer data if the assets are bought by transfer of contract. In other variations of asset deals it is still possible to transfer the data if there is a legitimate interest of the buyer or the seller. However, if the data includes sensible components like health records, the customer has to actively consent.