
Ask HN: Is GDPR hurting European tech valuations and acquisitions? - seibelj
I heard a concerning anecdote from a friend. He (American) was trying to make a relatively small acquisition of a European SaaS business. 6 figure deal for a company with ~100k MATU. They were running out of cash and needed to be acquired.<p>Ultimately the deal did not go through because of GDPR. I am fuzzy on the exact details, but he claimed that per GDPR requirements, every single customer would have to sign back up for the service and they could not be shifted over to the new company without explicitly opting in. So the MATU would be zero until they re-acquired the users.<p>So the deal did not go through and the company shut down. Has anyone else noticed issues with European valuations and M&amp;A because of GDPR?
======
CloudNetworking
I'd say the law has worked very well in this case: The customers private data
was at risk (being moved out of the jurisdiction that protects it) and an
unscrupulous buyer preferred to pass on the opportunity than assuring the
customers their data was going to be as safe as before.

I see no culprits or bad actors here. Everyone looks after themselves.

~~~
jimrhods23
It may have worked very well. But it will mean that because of these
regulations, there will be less investment in any companies under the EU from
outside companies.

Eventually, the EU will have its own companies and separated Internet. Is this
really a good thing?

~~~
xg15
I can see the case that it might be harmful for the GDP, but how would less
investment translate into a separate internet?

~~~
jimrhods23
Companies are already blocking IP addresses from the EU due to the new GDPR
regulations. As restrictions and laws increase (which seems to be happening
already), it will make sense to just block access rather than deal with
draconian regulations.

The end result will be a separate Internet for people in the EU because so
many sites will be unavailable to them.

~~~
neonhz
Maybe they will block access at the beginning, but here in Europe we have a
huge market and I do not really believe that companies will stay away just
because they cannot steal our data. If so, then we will be very happy about it
and someone else will get their pie slice..

~~~
jimrhods23
It's not about 'stealing data'. It's the vague regulations and overreach by
the EU that will stop companies and investors from entering the EU market.

"If so, then we will be very happy about it and someone else will get their
pie slice.."

An interesting unintended consequence is that small companies will be pushed
out of the market in favor of large companies that have the money to pay for
all of the legal hoops you have to jump through.

A few large players dominating the market is not really in the best interest
of anyone...except the companies that are able to keep out all of their
competitors.

~~~
erik_seaberg
This. GDPR is not merely a list of bad things not to do, compliance requires a
lot of new work and risking huge penalties if someone decides your lawyer
should have interpreted the (untested!) law differently.

------
newdaynewuser
I wish we have this rule in the US. So many times I start getting spam from
random companies that after closer look it turns out they are owner of some
servicev I signed up years ago.

------
laurentl
You can look at it the other way around: GDPR can be a barrier to entry in the
European market, therefore making EU compagnies more resistant to outside
competitors, which increases their valuation.

As a foreign company, if you want to enter the European market you can either
comply with GDPR (which honestly is not that hard despite all the FUD), or
take a stake in an existing EU company, _provided you let it continue
operating as it currently does or at least in a GDPR-compliant way_. Buying a
EU company to siphon off its customer data (even if it’s just to merge with
your own platform) is a big no-no, unless you yourself are GDPR-compliant.

~~~
tmamic
Lack of competition makes you less resistant to competitors.

------
lm28469
It's a very well documented topic. If they planned to move the data out of EU
and/or process it in new way it doesn't surprise me that they'd need to get
new agreements. But if you don't have the details it's hard to tell.

[https://www.dickinson-wright.com/news-alerts/the-gdpr-and-
me...](https://www.dickinson-wright.com/news-alerts/the-gdpr-and-mergers-and-
acquisitions)

[https://www.bakermckenzie.com/en/insight/publications/2018/0...](https://www.bakermckenzie.com/en/insight/publications/2018/06/the-
impact-eu-gdpr-on-ma)

[https://gdpr.report/news/2018/06/21/buyer-
beware/](https://gdpr.report/news/2018/06/21/buyer-beware/)

------
alvalentini
Well, GDPR wasn't created to maximise profit or simplify the production of
shareholder value. So... there.

