If the sale of the database is part of a share purchase transaction, the person in charge of the processing remains the same. Nevertheless, the buyer wishes to be satisfied, as part of due diligence, that the data protection requirements for the database are being met. Personal dataInformation relating to an identified or identifiable individual…. is one of a company`s most valuable assets. Understanding and realizing its value is an important factor in buying and selling a business. With regard to assisting clients involved in merger and acquisition transactions, DPO`s experience shows that data protection considerations boil down to four fundamental issues: if the parties reach an agreement on the transaction after due diligence, they will sign a contract to seal the deal. Such an agreement can be either a share purchase agreement, a contract to purchase assets, or a combination of the two. Where specific violations have been found in the due diligence procedure, the purchaser must check, given the seriousness, whether the seller expects the seller to correct these violations before closing or assume the associated economic risks (such as fines or damages). In the case of offences that can be corrected relatively easily (for example. B no DSB has been named), a precondition for the transaction may be such as to require the seller to correct the infringements before the transaction is concluded. If, during the due diligence phase, an identifiable risk, such as. B the absence of data processing agreements, is discovered during the due diligence phase, a specific compensation or a price correction could provide a solution.