BELGIUM Law and Practice Contributed by: Steven De Schrijver, Allegiance Law
10 July 2023. By doing so, the EC confirmed that personal data transferred to the USA under the DPF is adequately protected in line with the rules on international data transfers imposed by the GDPR. Data Protection Considerations During Due Diligence of Target In order to avoid acquiring non-compliant busi- nesses, buyers must conduct a comprehen- sive evaluation of the target’s data protection compliance. Identified non-compliance can be addressed before closing or factored into risk assessments, valuations, or indemnification mechanisms. Conducting a post-closing data protection audit is suggested so as to remedi- ate potential breaches quickly. The due diligence process should involve requesting various docu- ments from the seller to assess the target’s data protection compliance status, covering process- ing activities, relevant documents, IT and secu- rity measures, expert assessments, data breach documentation, impact assessments, IT pro- gram compliance, cybersecurity policies, legal proceedings, disputes and insurance coverage. Non-compliance with data protection laws in a target’s data-processing activities poses signifi- cant risks for buyers, as violations of the GDPR can result in fines of up to EUR20 million or 4% of the total worldwide annual turnover. Recent high-profile data breaches underscore the risks associated with data security, exposing compa- nies to liabilities from shareholder lawsuits, gov- ernment investigations, remediation costs and reputational damage. Juniper Research predicts that the global cost of data breaches will reach USD5 trillion by 2024. National data protection authorities – including the Belgian Data Protec- tion Authority – have imposed substantial fines, emphasising the GDPR’s importance.
Buyers must also consider the impact of new regulations such as the EU AI Act, which intro- duces transparency, risk management, and accountability requirements that extend to data governance practices for AI systems. This regu- lation, effective as of 1 August 2024 with phased implementation, underscores the importance of responsible data management practices that align with EU data ethics and security stand- ards. Fines for not complying with the EU AI Act could go up to 7% of the global annual turnover for violations of banned AI applications, up to 3% for violations of other obligations, and up to 1.5% for supplying incorrect information. In accordance with Belgian public takeover bid regulations, only the FSMA is authorised to declare a public takeover bid and – prior to the FSMA’s public announcement – no party (includ- ing the bidder or the target company) is allowed to disclose the initiation of such a bid. This restriction applies even if the target company is obligated to announce the bid launch under the general disclosure obligations. A bidder intending to declare a public takeover bid must first notify the FSMA of its intention and secure the FSMA’s approval before making the official announcement. Simultaneously, the bidder must complete the requisite filings for the actual initiation of a public takeover bid, which includes providing evidence of funding certain- ty in the case of a cash offer and submitting a draft prospectus. Once a public takeover bid is announced, withdrawal is typically not permit- ted, except in specific circumstances. 10. Disclosure 10.1 Making a Bid Public
33
CHAMBERS.COM
Powered by FlippingBook