Banks and businesses were all rushing to comply with the EU General Data Protection Regulation (GDPR), which came into effect on 25 May 2018. While data protection regulation is not a new concept in the EU, the GDPR significantly expands the rules on using personal data and increases the risks of processing personal data compared to existing legislation. Even deal parties with little or no footprint in the EU may be affected. Failing to comply with the new rules can have serious reputational and financial consequences for a business, including fines for data breaches of up to the maximum of either Euro 20 million or 4% of global turnover.
Preparing the right documents, filing them correctly, or knowing what to look for can be a challenge for most; but we always tell our clients that conducting due diligence is like receiving free legal advice, especially useful for young and emerging start-ups. Consider it a cheap way to learn a little bit more about how to run a company.
There are a number of issues that should be considered when structuring a deal.
- Should it be a simple tiered structure?
- Should you establish an off-shore holding?
- How about investing through an SPV or using an equity or convertible loan investment?
- Are there regulatory restrictions?
The term “packaged retail and insurance-based investment product” (PRIIP) captures any product that is:
- a packaged retail investment product (PRIP); and/or
- an insurance-based investment product (outside the scope of this note).