Data Governance in M&A Transactions

A data governance program must be driven by an ambitious vision and backed by a solid business case. It must define the roles, processes and technologies required to support your data governance strategy. It should also set the scope of your programs, including data quality, mastering, data security and more. You can use the business case as a guide to help prioritize your projects and activities, while the vision defines your broad strategic objective.

The Personal Data (Privacy) Ordinance (“PDPO”) in Hong Kong imposes certain regulatory requirements on the collection, processing, handling and use of personal data through six data protection principles. It is administered by the Office of the Privacy Commissioner for Personal Data (“PCPD”).

Under PDPO, “personal data” refers to any information relating to an identifiable natural person (e.g. name, identifying number, location data, online identifier and factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person). The definition of personal data in PDPO has not been updated since it was first enacted in 1996. It is however in line with the definition of personal data in other legislative regimes such as the Personal Information Protection Law in mainland China and the General Data Protection Regulation in the European Economic Area.

A common requirement in cross border M&A transactions involves the sharing of personal data between newly structured groups, particularly where the target company is a member of a multinational group. This is due to the necessity of performing pre-merger due diligence and integration of operations in a target group, or as part of anti-money laundering/know your customer (AML/KYC) checks.

In order to comply with the PDPO, personal data transferred out of Hong Kong must be done so in accordance with one of the six Data Protection Principles, which must be reflected in any written documentation containing that data. This includes the sending of a copy of the written record to the data subject whose personal data is being transferred.

The main challenge in a cross-border data transfer deal between Hong Kong and mainland China is the differences in their respective regulatory frameworks, according to an EY Greater Bay Area consulting partner. Negotiations will take time, he said, and they should be conducted jointly by both parties to ensure that any agreement is consistent with local legislation.

Tech Data Distribution (Hong Kong) Ltd (“Tech Data HK”), a global distributor and solutions aggregator for IT ecosystems, has entered into a distribution partnership with Allied Telesis, an international IT infrastructure vendor. Through this collaboration, Tech Data HK and its customers can improve their IT efficiency and business agility with Allied Telesis’s comprehensive range of high-performance network solutions. This will ultimately help them enhance their competitive edge and drive growth in the Greater Bay Area and beyond.