Recent enforcement actions by the Bavarian Data Protection Authority (DPA) [Bayerisches Landesamt für Datenschutzaufsicht] highlight the importance of severe restrictions placed on the transfer of such data, even in the context of a merger/acquisition deal scenario. Specifically, on July 30, 2015 the Bavarian DPA announced that it has fined two companies, both the seller and the acquirer, in an asset deal with a five figure EUR sum for transferring customer e-mail-addresses collected during operating an online shop in violation of the German Federal Data Protection Act. Clients should expect to see more of these actions in the future, given the Bavarian DPA’s announcement that it will pay increased attention to data protection compliance in asset deals and shall accordingly monitor and fine the companies breaching the legal requirements with more persistence.

READ MORE →