Commercial NDAs – no longer fit for purpose?
Non-Disclosure Agreements (NDAs) have had a bad press recently because of their questionable use by powerful individuals (such as Harvey Weinstein) to prevent the disclosure of alleged unlawful behaviour.
On a more mundane level, NDAs are regularly used at the early stages of most corporate and commercial transactions as the parties look to share confidential information. It is important for each party to know that information shared will only be used for the agreed purpose, such as determining whether to buy a target company, and not used for anything else or shared with other parties.
The form of a commercial NDA has become fairly well established but recent changes to the data protection regime and the increased emphasis on the new rules brought in under the GDPR has meant that most of the NDAs that we are seeing do not protect the parties in the way they should.
It is highly likely that, as part of the information sharing exercise that follows the signature of an NDA, the parties will share personal data. This could be employee information, customer details or shareholder information. It is vital that the NDA deals with the arrangements for the processing of such data and sets out which parties will be data processors and which will be data controllers.
The disclosing parties also need to consider whether any personal data is going to be transferred out of the EEA, for example if the buyer is in the USA, and make sure that additional protections are included.
If you are considering entering into an NDA on any matter please feel free to contact Noel Ruddy or Rebecca Glazebrook to discuss whether the NDA needs updating to incorporate the relevant GDPR protections.
The content of this webpage is for information only and is not intended to be construed as legal advice and should not be treated as a substitute for specific advice. PDT Solicitors LLP accepts no responsibility for the content of any third party website to which this webpage refers.