Webcast: Conducting Effective Cybersecurity and Privacy/Data Protection Diligence in M&A Transactions

July 13, 2021

In the last several years, M&A transaction planners have become increasingly focused on cybersecurity, privacy, and data protection risks, as technology advances and the regulatory regimes evolve. This recorded webcast focuses on how to design and manage an effective cybersecurity and privacy diligence plan. A group of experts, including US and European cybersecurity, privacy, and data protection lawyers, as well as M&A lawyers, discuss, among other things:

  • The principal risks under relevant U.S. and European law
  • The impact of the target company’s industry sector on the scope of the exercise
  • The role of the buyer’s and seller’s internal experts, as well as outside consultants.
  • Red flags that suggest the possibility of significant issues
  • Key practice pointers

View Slides (PDF)


Ahmed Baladi is a partner in the Paris office and Co-Chair of the firm’s Privacy, Cybersecurity and Data Innovation Practice Group. His practice focuses on a wide range of privacy and cybersecurity matters including compliance, investigations and procedures before data protection authorities. He also advises companies and private equity clients in connection with all privacy and cybersecurity aspects of their cross-border M&A transactions.

Stephen Glover is a partner in the Washington, D.C. office and a member of the firm’s Mergers and Acquisitions Practice Group. Mr. Glover has an extensive practice representing public and private companies in complex mergers and acquisitions, including SPACs, spin-offs and related transactions, as well as other corporate matters. Mr. Glover’s clients include large public corporations, emerging growth companies and middle market companies in a wide range of industries. He also advises private equity firms, individual investors and others.

Saee Muzumdar is a partner in the New York office and a member of the firm’s Mergers and Acquisitions Practice Group. Ms. Muzumdar is a corporate transactional lawyer whose practice includes representing both strategic companies and private equity clients (including their portfolio companies) in connection with all aspects of their domestic and cross-border M&A activities and general corporate counseling.

Alexander H. Southwell is a partner in the New York office and Co-Chair of the firm’s Privacy, Cybersecurity and Data Innovation Practice Group.  He is a Chambers-ranked former federal prosecutor and was named a Cybersecurity and Data Privacy Trailblazer” by The National Law Journal.  Mr. Southwell’s practice focuses on privacy, information technology, data breach, theft of trade secrets and intellectual property, computer fraud, national security, and network and data security issues, including handling investigations, enforcement defense, and litigation. He regularly advises companies and private equity firms on privacy and cybersecurity diligence and compliance.

Cassandra Gaedt-Sheckter is of counsel in the Palo Alto office where her practice focuses on data privacy, cybersecurity and data regulatory litigation, enforcement, transactional, and counseling representations. She has substantial experience advising companies on legal and regulatory compliance, diligence, and risks in transactions, particularly with respect to CCPA and CPRA as one of the leads of the firm’s CCPA/CPRA Task Force; GDPR; Children’s Online Privacy Protection Rules (COPPA); and other federal and state laws and regulations.

Vera Lukic is of counsel in the Paris office where her practice focuses on a broad range of privacy and cybersecurity matters, including assisting clients with multinational operations on their global privacy compliance programs, cross-border data transfers and data security issues, as well as representing clients in investigations, enforcement actions and litigation before the French data protection authority and administrative courts. She also regularly advises on data privacy aspects of M&A transactions, including with respect to carve-out and transition issues.

Lisa Zivkovic, Ph.D is an associate in the New York Office.  She is a member of the Firm’s Privacy, Cybersecurity and Data Innovation, Technology Transactions, and Litigation practices groups. Ms. Zivkovic’s doctorate is a comparative history of data privacy in the US and European Union. She advises a wide range of clients, including technology, financial services, data aggregation and analytics, vehicle, and telematics companies, on new and complex legal and policy issues regarding global data privacy, cybersecurity, artificial intelligence, Internet of Things, and big data.


This program has been approved for credit in accordance with the requirements of the New York State Continuing Legal Education Board for a maximum of 1.0 credit hours, of which 1.0 credit hours may be applied toward the areas of professional practice requirement.

This course is approved for transitional/non-transitional credit. Attorneys seeking New York credit must obtain an affirmation form prior to watching the archived version of this webcast. Please contact [email protected] to request the MCLE form.

Gibson, Dunn & Crutcher LLP certifies that this activity has been approved for MCLE credit by the State Bar of California in the amount of 1.0 hours.

California attorneys may claim “self-study” credit for viewing the archived version of this webcast. No certificate of attendance is required for California “self-study” credit.