Experts Explain: “Virtual Data Room”

This is not about scientific-legal precision, linguistic subtleties, or exhaustive presentation, but rather about conveying or refreshing the basic understanding of a term and providing some useful insights from consulting practice.

What is a “Virtual Data Room”?

A “Virtual Data Room” (hereinafter “VDR”) is, in simple terms, an online or internet-accessible archive of typically sensitive documents and information.

The VDR plays a particularly important role in M&A transactions and the due diligence that usually accompanies them (this refers to the careful examination of the company to be acquired/sold from legal, tax, and business perspectives).

M&A transactions in general and due diligence processes in particular inevitably involve the exchange of sensitive and confidential information between the parties involved, such as companies, investors, advisors, and lawyers. The VDR provides a secure platform where this information can be exchanged. In practice, VDRs are typically provided by external vendors, of which there are now many on the market.

In general, the importance of VDRs has increased significantly over the last 10–15 years, primarily due to greatly improved and rapidly evolving technical capabilities. This also applies to “smaller” transactions, although it is still not uncommon for data and information to be provided via internal exchange platforms or USB drives rather than through an external provider.

Before the establishment of VDRs, data was not provided in digital form but rather in a physical data room—that is, actually in the form of paper files in premises accessible only to certain persons involved in the transaction. The premises were then located, for example, in the office of a tax advisor or lawyer, or directly on-site at the company to be acquired. Access was granted only to the party interested in the acquisition and/or their advisors. A detailed log was kept of who had physically viewed which information or documents in the data room. Overall, this made the already typically complex process of due diligence even more complex.

Compared to physical data rooms, VDRs offer a number of advantages:

• Parallel access: Involvement of multiple prospective buyers in due diligence at the same time without the need to set up parallel data rooms in different locations.
• Time- and location-independent access: VDRs allow users to access documents and information at any time from almost anywhere, as long as there is an internet connection. This saves participants the need to be physically present at a location.
• Rapid distribution of information: In a VDR, documents and information can be uploaded, organized, and released to authorized users quickly and efficiently; this is significantly faster compared to physical distribution of paper documents. In addition, using a VDR can accelerate the overall due diligence process, as information is shared and processed more quickly.
• Real-time access control: VDRs typically offer full access control. For example, it can be specified which users may access which documents.
• Traceability: Furthermore, VDRs enable precise tracking of user activities, including the frequency of document access and downloads. This serves transparency and helps to better monitor the actions of all users. An access log generated via the VDR can potentially be used in a dispute where knowledge or the possibility of knowledge of certain information is contested. Although the seller cannot yet prove the buyer’s knowledge of any defects, this should represent a significant step forward with this proof, which is difficult to provide in practice.
• Security: VDRs typically offer higher security for confidential information than physical data rooms. Encryption, access logging, and other security measures can ensure data protection.
• Cost savings: Using a VDR can be more cost-effective, as it reduces the need for physical space, printing costs, and possibly other expenses associated with setting up and maintaining a physical data room.

What should you pay particular attention to when using/setting up a virtual data room?

To make the use of a VDR effective, secure, and as user-friendly as possible, the following aspects should be considered:

• Precise usage rules for the VDR: Regardless of transaction size, binding usage rules for the VDR should first be agreed upon between the parties.
• Security and data protection: It should be ensured that the VDR offers security measures such as data encryption, access control, multi-factor authentication, and protection against unauthorized access. It should also be determined whether print restrictions should possibly be set up for the documents provided in the VDR. This can serve to additionally safeguard the confidentiality of the information available in the VDR. Permissions: There should be the ability to set specific permissions for user(s) groups. In this way, access to specific documents or folders can be controlled and the individual roles and responsibilities of users can be appropriately considered.
• User-friendliness and document organization: The VDR should be intuitive and user-friendly to make usage as simple as possible for all participants. For example, a clear and well-organized folder structure and a simple search function are recommended. A clear structure and labeling makes it easier for users to quickly find the information they need. There should also be the ability for VDR users to ask and manage their questions (e.g., regarding requested but not yet provided documents) via an appropriate tool (e.g., in the form of a digital Q&A list).
• Traceability: The VDR should be able to log who accessed which documents and exactly when this activity took place (to the extent this is permissible under data protection law). The data material obtained in this way can potentially be used in a dispute where the acquirer’s knowledge of certain due diligence information is contested.
• Technical support: It should also be ensured that technical support is available to provide quick assistance with any problems or questions that arise.
• Compatibility: It should be ensured that the VDR is compatible with various file formats to ensure that users can access the information they need without problems. There should also be sufficient storage space to cover the required data volume.
• Backup and recovery: A function for regular backup creation and a reliable recovery function should also be available to ensure that data and information can be restored in the event of a technical problem or data loss.
• Compliance with legal requirements: It must be ensured that the VDR complies with applicable legal requirements, particularly with regard to data protection and the storage of sensitive information (e.g., handling of personal data and information about employees of the target company in the VDR).
• Careful selection: In the event that a third-party provider is to provide and manage the VDR, careful selection of this provider should be ensured so that the previously mentioned aspects are adequately considered.

Conclusion

In summary, VDRs offer a multitude of advantages over physical data rooms and represent a modern and appropriate alternative, particularly with regard to factors such as efficiency, security, and user-friendliness.

However, whether commissioning external data room providers or using a self-organized method for making documents and information available, care should be taken to ensure that the previously explained aspects are adequately and appropriately considered.

From the newsletter
“Corporate Law, Deals & Capital Markets” To our
M&A Vocabularies