Non-Disclosure Agreements (NDAs) have had a bad press recently because of their questionable use by powerful individuals (such as Harvey Weinstein) to prevent the disclosure of alleged unlawful behaviour.
On a more mundane level, NDAs are regularly used at the early stages of most corporate and commercial transactions as the parties look to share confidential information. It is important for each party to know that information shared will only be used for the agreed purpose, such as determining whether to buy a target company, and not used for anything else or shared with other parties.
The form of a commercial NDA has become fairly well established but recent changes to the data protection regime and the increased emphasis on the new rules brought in under the GDPR has meant that most of the NDAs that we are seeing do not protect the parties in the way they should.
It is highly likely that, as part of the information sharing exercise that follows the signature of an NDA, the parties will share personal data. This could be employee information, customer details or shareholder information. It is vital that the NDA deals with the arrangements for the processing of such data and sets out which parties will be data processors and which will be data controllers.
The disclosing parties also need to consider whether any personal data is going to be transferred out of the EEA, for example if the buyer is in the USA, and make sure that additional protections are included.
If you are considering entering into an NDA on any matter please feel free to contact Andrew Hoad of PDT Solicitors LLP on 01403 831233 or firstname.lastname@example.org to discuss whether the NDA needs updating to incorporate the relevant GDPR protections.