On Demand Audio

GDPR Compliance & Due Diligence for M&A Transactions

(723 reviews)

Produced on October 15, 2018

$ 79 Business, Corporate, & Securities and Privacy & Cybersecurity In Stock
Get started now

$299 / year - Access to this Course and 1,500+ Lawline courses


Course Information

Time 1h 31m
Difficulty Advanced

Course Description

With the implementation of the European Union’s General Data Protection Regulation (GDPR) on May 25, thousands of companies doing business in the EU are now confronting onerous new compliance obligations and a heightened awareness of data privacy and security law issues. In the transactional sphere, data protection considerations are taking an increasingly prominent role in M&A deals as counterparties evaluate each other’s compliance posture to assess potential financial and reputational risks. These developments have had a disproportionate impact in the M&A context, where previously data protection concerns have taken a back seat to other legal considerations.

In this presentation, BakerHostetler partner Melinda McLellan and associate Seth Engel will address key privacy and data security law issues that impact M&A transactions, from diligence to closing.

Learning Objectives:

  1. Identify recent trends in M&A practice and the how data protection considerations have changed the game
  2. Analyze the new EU GDPR’s impact on the legal and regulatory landscape
  3. Ask the right questions early in the M&A process to evaluate a target company’s compliance posture
  4. Get practical suggestions and best practices when handling data privacy issues in an M&A transaction

Credit Information

After completing this course, Lawline will report your attendance information to {{ accredMasterState.state.name }}. Please ensure your license number is filled out in your profile to ensure timely reporting. For more information, see our {{ accredMasterState.state.name }} CLE Requirements page . After completing this course, {{ accredMasterState.state.name }} attorneys self-report their attendance and CLE compliance. For more information on how to report your CLE courses, see our {{ accredMasterState.state.name }} CLE Requirements FAQ .


Melinda L. McLellan


Melinda McLellan is a seasoned privacy and cybersecurity law advisor whose practice focuses on the regulation of emerging technologies, compliance with evolving U.S. state and federal privacy legislation, and cross-border data protection matters. As co-leader of the firm’s EU General Data Protection Regulation (GDPR) initiative, Melinda works with multinational clients to identify, evaluate, and manage the myriad of compliance obligations associated with corporate privacy and information security practices. Her broader practice includes advising on a wide variety of privacy and data security issues, including the use of biometrics, securing the Internet of Things, implementation of blockchain technologies, cybersecurity threats to the financial services and energy sectors, autonomous vehicles, genetic privacy, artificial intelligence, Big Data, information security incident response, and negotiating complex tech transactions.

Select Experience:

  • Advises on compliance with international data transfer restrictions and data localization requirements, including through the implementation of cross-border transfer mechanisms such as the EU-U.S. Privacy Shield framework, standard contractual clauses, intercompany agreements, and binding corporate rules.
  • Developed and implemented EU General Data Protection Regulation (GDPR) compliance programs for numerous U.S. and international organizations, including GDPR applicability analysis, data mapping, data transfer mechanisms, consent mechanisms, “right to be forgotten,” data security assessments, breach response programs, selection of Data Protection Officers, and employee training.
  • Advises companies on new requirements under the California Consumer Privacy Act (CCPA), including by developing broad-based compliance strategies to address other pending state and federal privacy legislation.
  • Counsels clients on regulatory compliance strategies and best practices for private-sector use of cloud computing solutions, biometric authentication, facial recognition technology, geolocation tracking systems, mobile applications, behavioral marketing tools, social media platforms, data analytics services, and other emerging technologies. 
  • Manages complex technology transactions on both the vendor side and the customer side, drafting and negotiating multiparty contracts and outsourcing agreements from the RFP through follow-up compliance assessments.
  • Counsels clients on the development and implementation of enterprise-wide privacy and information security programs, including by creating employee privacy training modules and drafting company codes of conduct, policies, standards, procedures, and guidelines related to the protection of personal data.

Seth Engel


Seth advises clients on cross border transactions, U.S. securities offerings and international dispute resolution. Having practiced in both France and New York, he works hand in hand with public and private companies in Asia, Europe and the United States to advise on strategic transactions and disputes, including advising boards of directors and special committees. He also represents clients in international arbitrations.

Seth previously taught at the Sorbonne in Paris and acted as Assistant Counsel in multiple pre-trial cases at the International Criminal Court in The Hague. He is admitted to the bar in New York and Paris. He attended Georgetown University Law Center and has a Master’s degree from the Sorbonne and from the Institut de Sciences Politiques de Paris.


Elaine S.

Excellent course

Mary O.

Loved the pace of the discussion which enabled coverage of a lot of material over a short period and kept me focused. I might have benefitted from a little more discussion of risks for sellers in failing to adequately disclose issues and whether they are seeing this as an enumerated "Statutory Representation" in current M&A agreements.

Jenik R.

solid, informative, clear and to the point

Thomas L.

Great course!

John A.

This was one of the best programs I have watched. I have been working for some years with entrepreneurs in the Chicago area, and am tolerably familiar with both M&A and GDPR. My concern is educating small businesses which will quickly grow into companies deeply involved in both. I wonder if the presenters have any thoughts they could share about prepping pre money clients.

Todd A.

Excellent detail with GDPR compliance - definitely got the point across.

Ann C.

excellent presentation

Brandie P.

Very timely topic

Frank B.

Really good discussion of the issues and good presentation slides

Robert M.

Excellent practical coverage of the topic.

David T.

Great interaction between these two presenters. Much learned about the importance of GDPR

Lincoln V.

Instructive, informative and fulsome presentation.

Katherine Tracy R.

Very, very informative and presented with great attention to detail.

James G.


Dahyun K.

very good class

Denis V.

Ms. McLellan is an impressive attorney.

Rosemary G.

Presenters were excellent!

Alexandra D.

So good that i will listen to it again

Ian M.

I like the two presenter approach especially like this where there is some back and forth. Very good materials were also included.

Andrew H.

Great CLE

Stephen A.

Very good presentation.

Beth C.

Easier to understand GDPR!

Harrison H.

lively presentation. Could have been dry but it popped. Nicely done.

Stuart P.

very well researched and presented

Thomas D.

Topnotch presenters!

Maeve T.


Load More