Spanish national court confirms that data protection infringements are retained post-merger
Published 15 October 2014
On 24 October 2014 the Spanish National Court confirmed the Spanish Data Protection Authority's decision of 14 November 2013 that the surviving company post-merger will be liable for data security breaches committed by any target company, and so in this case was liable to pay a EUR 6,000 sanction imposed as a result of the target company's infringement.
This case emphasises the importance of adequate and comprehensive due diligence on target companies prior to any merger or acquisition.
What action could be taken to manage risks that may arise from this development?
Companies with presence in Spain undertaking any mergers or takeovers, should ensure adequate due diligence is undertaken on the target company.