By: Leonardo Neri

Among the main recommendations for a company that is acquiring another in an M&A transaction, the following stand out:

i) Increase the list of documents in due diligence of the target company; ii) Verify whether the target company is in compliance with LGPD;

iii) Compatibility of privacy and information security policies;

iv) Determine the fragility of the operation regarding the impacts of the LGPD;

v) Request for documents and support for audits; and

vi) Analysis of the data processing flow.

After confirming all preventive phases, if risks are still identified during the preparation of the proposal and during the conclusion of the contract, the parties would have some options, such as:

i) Withdraw from the operation by raising prior conditional terms (Ex: MOU);
i) Maintain the terms of the contract by adding: specific compensation clauses and guarantees;
i) The buyer may demand compensation for breach of warranties, due to failure to comply with the LGPD;
i) The seller must clearly define the limit of his liability (quantity, duration and nature of the damages). Example: Loss of opportunity or damage to reputation.