General Data Protection Regulation to Have Limited Impact on M&A Activity

Nov 02, 2017

Dealmakers believe that the new General Data Protection Regulation (GDPR) will likely only have a modest impact on M&A activity in the EU, according to a recent survey conducted by Merrill Corporation, a leading provider of virtual data rooms and services for regulatory disclosure. This survey was conducted as part of the company’s ongoing webinar series on various M&A topics, and included industry experts plus nearly 500 dealmakers.

GDPR, the EU’s most significant overhaul in its privacy guidelines in more than two decades, will go into effect on May 25, 2018. The European Commission's aim is to give citizens more control over their personal data by applying stringent standards in areas such as data consent and notification of breaches. The survey suggests dealmakers are not daunted by the risk of serve penalties for non-compliance. Potential fines for businesses may reach 4 percent of annual revenue, or 20 million euros, whichever is higher.

Key findings among the participants include:

  • A strong majority of respondents (80 percent) are highly to moderately confident in the ability of their organisation, and its vendors, to be fully compliant with GDPR.
  • Nearly half of the survey respondents (46 percent) believe that GDPR will have very little impact on deal making, while 42 percent indicated it would have moderate influence as a business priority.
  • Over half of the survey respondents (56 percent) do not believe that the EU will become less attractive for M&A activity because of GDPR; 26 percent of respondents indicated that, at this juncture, it is too soon to gauge what impact it may have on deal making.

“The survey results reflect a general view among dealmakers in Europe that GDPR, beyond its likely negligible impact on near-term M&A activity, will be an opportunity for businesses to closely monitor how data is being acquired, stored and shared,” said Hilary London, Merrill’s General Manager, EMEA. “Updated data protection laws also present new challenges for dealmakers, most notably the threat of heavy fines for non-compliance. For the most part, however, it is business as usual, with much of the framework to support compliance already in place for most organizations.”

For a replay of the Merrill webinar, go to

About Merrill Corporation

Merrill Corporation provides technology-enabled platforms for secure content sharing, regulated communications and disclosure services. Clients trust Merrill’s innovative applications and deep subject expertise to successfully navigate the secure sharing of their most sensitive content, perfect and distribute critical financial and regulatory disclosures, and create customized communications across stakeholders. With more than 3,000 people in 34 locations worldwide, clients turn to Merrill when their need to manage complex content intersects with the need to collaborate securely around the globe.


Media Relations

Kris Slethaug


Investor Relations

Bradley Carlson

I agree

This site uses cookies to offer you a better experience. For more information, view our privacy policy.