A recent report by Merrill Corporation has found that the new General Data Protection Regulations, which came into effect in May this year, are crippling merger and acquisition deals.

Researchers surveyed accountants, solicitors and other specialist and found that 54% of solicitors said that a number of transactions had fallen through due to concerns over the target business's data protection policies and compliance.

Specialists have blamed the new regulations for an increase in failed transactions due to potential buyers' concerns over target companies' compliance.

The increase of scrutiny over data protection compliance is complicating deals and prolonging the due diligence process. If a target company is not in compliance, it can result in price reductions, indemnities and even the deal falling through.

The findings of the report highlight the importance of GDPR compliance. Buyers are proceeding with caution and conducting thorough and comprehensive due diligence to ensure the target company has been compliant.

Business owners wishing to sell their company need to ensure that they have appropriate policies and procedures in place, and that they can evidence compliance. Failure to do so could lead to failed transaction or a reduction in price.

A prime example of the adverse effects for sellers is Yahoo! Inc.'s sale to Verizon Communications Inc. which completed with a $350 million price reduction due to data breaches that were discovered prior to completion.

Target companies and sellers should take a proactive approach and ensure that they are able to demonstrate and evidence compliance, and that they have the necessary policies and procedures in place.