If you have a business that you are planning to sell then you will have to go through many processes before the sale completion. You need to understand the steps in selling your business and one of these is due diligence.
During a merger or acquisition transaction, you must set up a data room to allow transparency and allow access to financial and other important records to the buyer and their legal team.
While you need to allow access to sensitive data and records you also want to keep it away from anyone who is unauthorized and this includes hackers and cybercriminals. To do this you need a data room.
If you don’t understand what a data room is, what it can do for you, and why it is important, then read below.
What exactly is a data room?
In the past, these were actual, physical rooms where records would be stored securely and were known as due diligence rooms. Whenever a merger or acquisition took place the seller would set up a room so that the buyer and their attorneys could access records to make sure everything was legitimate.
In the states, this came about partly due to the Securities Act of 1933 which in turn was formed due to the stock exchange crash. The Securities Act was put in place to allow more transparency and to reduce the chances of fraud during any transactions.
A data room allows the buyer and his legal representatives to undertake a proper review of all records pertaining to a potential acquisition or merger and therefore perform due diligence. This allows the buyer to check for fraud, potential legal problems, and also evaluate how much the acquisition is really worth.
How do modern data rooms work?
Modern versions of due diligence rooms are usually called virtual data rooms now. These VDRs are cloud-based storage solutions and can avoid the obvious inconveniences of physical data rooms.
There are many suppliers of virtual data rooms around the world but they all have some things in common. They provide secure cloud storage for investment banks, financial services, and any other business that needs to store confidential data for mergers & transactions.
These days VDRs are also used to help with initial public offerings or IPOs, raising capital, project management, and anywhere else where speedy by secure access to data is needed by more than one party.
How do people access virtual data rooms?
The owner which in this case would be the seller, or you, would engage the services of a VDR company. You would then have control through software to restrict or allow access to whoever you choose.
There are usually several different controls included in the software and these might be any of the following:
- Redact information for certain users
- Put in place time limits and IP restrictions
- Only allow screen viewing
- Watermark downloads
- Restrict certain records
- Pull-back records when access is revoked
The General Data Protection Act is a European law that protects data from being accessed by unauthorized people or groups. This law protects both individuals and companies. It is also applied in the USA if a company there was processing or holding data from people inside the European Union.
Virtual data rooms offer a level of security that can stop GDPR data breaches and therefore help you to avoid hefty fines.
What happens if someone unauthorized accesses your data?
Different countries have their own data laws and penalties to go with them. In the EU if you suffered a data breach you could be hit with a €20 million fine or 4 percent of your yearly total revenue, whichever one is the highest.
It should be noted that the 4 percent refers to the global turnover so this could amount to a very serious penalty indeed.
When it concerns mergers and acquisitions it can have more far-reaching effects. One perfect example of this is when Yahoo suffered a data breach during their acquisition by Verizon. Unfortunately, right during this very sensitive period, Yahoo suffered the biggest data breach of all time which left 3 billion user’s data exposed in some manner.
The resulting fall-out from this breach was that Yahoo was hit with a $117.5 million fine which was bad enough but then Verizon wiped another $350 million off their valuation before concluding the acquisition.
Can failing to perform due diligence also lead to financial problems?
In the case of Yahoo they received damaging PR, their reputation was hit, they were penalized, and they were acquired for less than was initially hoped. However, if the buyer fails to perform due diligence they can also end up in trouble.
Marriott International acquired Starwood Group in 2016. Then in 2018, Marriott discovered a data breach that affected over 330 million guest’s records. They duly informed the ICO who in turn, performed their own investigation.
The result of the Information Commissioner’s Office’s investigation was that the Marriott data breach was a result of an earlier breach in Starwood’s records, back in 2014. A fine of over $18 was levied for failure to perform due diligence during the acquisition.
A data room is set up to help transactions become transparent and one of the reasons for this is that sometimes even the seller doesn’t realize they have an issue.
How big a risk are cybercriminals?
Out of all the new software and cybersecurity trends, virtual data rooms may be becoming the most popular with banking and finance firms. Many big companies trust their data to virtual data rooms as hackers target individuals and company’s servers.
When selling a business, it is important to keep all confidential and sensitive material away from prying eyes. Hackers and cybercriminals are much more organized than before and they aim to steal your data for financial gain. When it comes to M&A transactions, this data can be worth millions of dollars to the right, or perhaps wrong, people.
Most people understand the need to protect themselves and their data while they are on the internet but it is amazing how much trust companies still place in their systems. Virtual data rooms are specifically put into place to keep data secure with 2-step verification and international standards such as ISO.
How do you choose a data room for your business sale?
Which data room you choose will come down to what functions you need. For most people, the following would be a standard list of requirements:
- Granular tracking
- High levels of security
- Access control
- 24/7/365 customer service
These features and some of the ones previously mentioned allowing you to have full control over your records while still allowing access to third parties.
You need security first, then control over who can see what. The ability to pull back files if you revoke access is very useful to stop data from remaining outside of your control.
As a seller, granular tracking is very important. You can see what the buyer and their attorneys are reading if they return to it, and how long they are spending on certain areas. This will give you an idea of what they see as important or perhaps problem areas.
You can find more information if you visit Firmex.com and then compare your requirements to what they can offer in the way of secure virtual data rooms.
A seller needs a data room to allow buyers and their legal team to access sensitive data securely. This allows due diligence to be performed and gives transparency to the transaction.
Data rooms also allow speedy access at any time of the day and night from anywhere in the world. This means M&A transactions can be completed much faster today than in the past and more securely.
Disclaimer. The views and opinions expressed here are those of the authors. They do not purport to reflect the opinions or views of IdeasPlusBusiness.com.
Any content provided by our bloggers or authors is of their opinion and is not intended to malign any organization, company, individual, or anyone or anything.
For questions and inquiries on the blog, please send an email to the Editor at ideasplusbusiness[at]gmail[dot]com. You can also follow IdeasPlusBusiness.com on Twitter here and like our page on Facebook here.
This website contains affiliate links to some products and services. We may receive a commission for purchases made through these links at no extra cost to you.
The Ideas Plus Business Editorial team is responsible for this post. For collaborations and partnership requests, kindly send an email to the Editorial Team at ideasplusbusiness[at]gmail[dot]com for the terms and conditions. You can also follow IdeasPlusBusiness.com on Twitter here and like our page on Facebook here.