The data transfer process in corporate transformations

Building trust during corporate transactions

Executing corporate transactions requires detailed plans to transfer assets and people between seller and buyer. And one of the most important assets that gets transferred is the corporate data the buyer will need to run the business once the transaction is closed.

Data, which can be in digital or physical form, is critical for business continuity. Entire systems may also be shared by “cloning” (copying the entire application) or through system extracts mapped between seller and buyer. Each of these transfer types need to be executed, monitored, and tracked to achieve a smooth transition.

In a corporate transaction, the buyer wants to know everything about their acquisition, and often stipulates what they need as a contractual obligation in the asset purchase agreement (APA). Buyers face the challenge of receiving large volumes of data to integrate into their own company, systems, and file rooms. And they also need reassurance that they have received everything they need to run the business. On the other hand, sellers face the challenge of identifying and providing a broad swath of historical data across formats, geographic locations, and business units to meet their contractual obligation.

To offset the typical challenges of retrieving, transferring, and receiving data—for both the buyer and seller—it is a leading practice to develop a formal corporate data transfer process. Preparing for data transfer can create trust between parties by reducing litigation and business risk, help enable a smooth business transition for continuity, and protect valuable information assets. The formal data transfer process doesn’t need to be overwhelming, burdensome, or complicated; rather, the process should provide visibility and be easily actionable across the relevant seller and buyer parties.

Reducing litigation and business risk

Trust is fundamental to effective corporate transactions and data transfers. Clear communication and oversight can help establish trust between parties and achieve a smooth transition from seller to buyer.

Good communication comes from developing transparency early in the process about data requirements and availability, maintaining a chain of custody to track the data, and providing a forum for managing escalations for disagreement about what data is in scope. But a lack of trust can lead to litigation risk or transaction cost overruns for the seller. A documented data transfer process, executed by a knowledgeable, process-driven team, can help build trust by providing transparency with clear communications channels.

An effective data transfer process can be managed using a centralized database that records the information about what data is to be transferred. The database can also be used as a workflow tool to track and monitor the progress of data transfers during the transition and as a documentation of executed data transfers after the transaction is closed. The documentation of the data transfer process is designed to help mitigate future cost and the risk of a buyer questioning whether the seller has met their contractual obligations.

Achieving business continuity

Business continuity in a transaction is achieved when the buyer gets the data they need to run the business and the seller meets contractual obligations without revealing commercially sensitive data about ongoing operations. It’s important for the buyer and seller to work together to establish a “data perimeter” that identifies the applicable data for transfer and protects the business for both sides.

The amount of data transferred can depend on the assets being sold, number of systems that contain data, and/or the range of geographies in which the information is located. Another consideration is the span of historical data that should consider be shared. If the seller has an established records and information management (RIM) program for data classification and a corporate retention schedule, these can be leveraged to facilitate the process of finding information and assessing the data perimeter.

The corporate retention schedule can also be leveraged at this stage to determine what records are relevant for transfer or what decision points can be reached regarding historical data. The retention schedule describes the length of time records should be held for legal, regulatory, or business purposes. If the data is older than the required period of retention, it may be a candidate for disposition instead of transfer to the buyer. In this way, the data transfer process also lends itself to good recordkeeping practices of timely disposition.

Protecting data safety, integrity, and privacy

Corporate data security is a top priority during the data transfer process. A secure data transfer process and reliable systems are crucial for data integrity, security, and privacy. Sensitive materials, such as human resource information, should be protected and stored in highly secure repositories with limited access.

For the execution of the electronic data transfer, a common practice is to move large volumes of data on secure managed file transfer (MFT) services. MFTs track the chain of custody, generate hash values to check data quality, and provide a record of when the transfers were made. If paper records are being transferred, a physical chain-of-custody form can be included that communicates shipping instructions and a list of contents. Upon receipt, the buyer signs the chain-of-custody form to verify the files are complete. By establishing security protocols and leveraging technology to share data, sellers and buyers can gain higher confidence that the transferred data will be safely delivered.