Unauthorized Transfer of Customer Data During an Asset Deal –
Substantial Fines for Both Company Sellers and Buyers!

The series of substantial fines imposed by German data protection supervisory authorities has been continued by the Bavarian State Data Protection Supervisory Authority, which ordered payment of a five-figure penalty fine:

During a company acquisition in the form of an asset deal, customer data – including email addresses – was transferred to the buyer without having obtained the relevant consent from customers. The data protection supervisory authority considers this unlawful and asserts that – depending on the case at hand – a transfer of data is valid only if customer consent has been obtained or if a corresponding opt-out option has been provided.

Complete article click here.