PDPA application to M&A transactions



PDPA application to M&A transactions

Date Published: 26 August 2019

Authors and Contributors: Bill Jamieson and Goh Wan Shuen.


The “Business Asset Transaction” consent exception and its application to share sale transactions

Share sale transactions commonly involve the disclosure of data, financial information and key contracts of the target company to the buyer, before a share sale agreement is signed. Such disclosures are often made during the process of due diligence in order to allow the prospective buyer to consider the risks and benefits involved in the potential purchase. While general considerations of confidentiality of the target’s information have long been a factor in managing information flows in an M&A transaction, more recent developments in the importance of “data” in business models and laws protecting “personal data” mean it is relevant to consider in particular how the relevant data protection law applies to disclosure to a prospective buyer of personal data of the target company’s employees and customers.

While the confidentiality of the information disclosed can (at least in theory) be protected by a robustly drafted non-disclosure agreement, any disclosure of personal data by the seller and the consequent collection and use of the personal data by the prospective buyer has to comply with the Personal Data Protection Act 2012 (“PDPA“). The PDPA, which came into force on 2 January 2013, regulates all collection, use and disclosure of personal data by organisations.

This video briefly discusses the consent obligation under the PDPA, focuses on how parties can avail themselves of the “business asset transaction” consent exception (“BAT exception”) and highlights some of the key considerations that parties relying on the BAT exception may wish to take note of, particularly in the context of a share sale transaction.


Disclaimer: This update is provided to you for general information and should not be relied upon as legal advice.


CNPLaw’s Mergers and Acquisitions Lawyers

Bill Jamieson is a Partner at CNPLaw LLP. Bill is an English lawyer who is also registered to practise Singapore law in the areas of corporate law, banking and finance and securities laws. He enjoys working in the diverse and dynamic Asian market and helping his clients to achieve their goals.

    Bill’s practice focuses on corporate financing transactions, investment funds, mergers and acquisitions, private equity, and employment law matters. His experience includes 10 years in the City of London and over 20 years in Asia. Before joining CNP, Bill was a partner in a well-known international law firm. He is recommended lawyer for Corporate and M&A, Banking and Finance, Investment Funds and Labour and Employment in Legal 500 Asia Pacific 2021. Bill is one of the firm’s contacts for Interlaw, a network of independent full-service corporate law firms ranked by Chambers and Partners in its highest category, “Elite”, amongst all global law firm networks.

    Each M&A deal entails the confluence of multiple legal disciplines. That is why we take great care when assembling a team for each deal, ensuring that there is an optimal mix of specialisation in the clients’ identified areas of concern, such as taxemployment and intellectual property, and necessary industry-specific experience.

    We provide support to our clients at every stage of the deal. We will be there at the beginning of the process, helping to facilitate the negotiations between the parties and advising on the structure of the transaction. Once the parties have reached a consensus, we meticulously prepare the necessary documentation. Recognising that M&A deals are often the first page of a new chapter for the parties involved, we also provide post-transaction support to ensure a smooth transition such as the preparation of shareholder agreementsemployment agreements, and other relevant commercial documentation.

    With the prevalence of technology and increasing connectivity through the internet, cybersecurity and data protection are areas that have grown more important in Singapore.

    Since the introduction of the Personal Data Protection Act 2012 (“PDPA), it is mandatory for organisations to comply with data protection rules and we strive to help our clients understand that compliance with the PDPA is no longer an option.

    At CNPLaw, we have worked with our clients and helped them navigate through a variety of data protection issues, which include: reviewing existing policies in order to advise on our client’s compliance with the law, highlighting possible legal risk areas and drafting appropriate documents including personal data protection policies and website terms of use.

    We also advise our corporate clients in relation to ad hoc queries on potential breaches of the law and the PDPA, and highlight data protection issues that may arise in the context of employment or HR policies.