Best Practices for Data Management During Mergers & Acquisitions


This article has been adapted from its original version on DBTA.

A hairy M&A and divestiture challenge which executives too often underestimate is migrating massive amounts data, most of it unstructured, between entities. When you create a new company through a merger, acquire an existing company or spin off a new business out of an older one, you typically need to move and restructure a number of data assets—ranging from business records, to documentation databases, software source code, and beyond.

Here are the needs and risks:

  • Large volumes of data across the entities requires a plan for data transfer as well as combining and purging data. This is difficult with petabytes of data distributed across multiple data centers, clouds and branch locations.
  • Time for data management planning is not always accounted for in the reorganization, leading to a situation where data transfers happen quickly and haphazardly. Data can get lost, damaged, or mismanaged. Now somebody’s got to clean up that mess later and it won’t fall just on enterprise IT’s shoulders—but all departments, divisions and executives across the organization.
  • A major business restructuring from a merger or divestiture carries with it legal risks—for privacy, security, auditing and more. These things can take a big financial bite later if issues with customers or regulators occur.
  • Not all data needs to be migrated during a divestiture or an acquisition—figuring out what data should stay, what data should migrate, what data is obsolete and then taking the appropriate action can be cumbersome, laborious and error-prone.

A data management plan for M&As should allow you to plan, identify and move data efficiently, and provide deep visibility into the data so that you can stay on top of any security, compliance or auditing challenges that may arise in the future.

Here are a few tips to guide the way:

  1. Just say no to the data storage dump. It’s common to take all or most of the data from the original entity and dump it onto storage infrastructure at the new company. While this may seem like the simplest way to handle a data migration, it’s highly inefficient. You end up transferring lots of data that the new business may not actually need or records for which the mandatory retention period may have expired. This also increases the risk that you’ll run afoul of compliance or security requirements that apply to the new business entity but not the original one. For instance, the new business may be subject to GDPR data privacy mandates because of its location in Europe.
  2. The better approach: analytics-driven migration. Start by creating a global index of all of the data that exists at the time of the merger, acquisition or divestiture. Your index should allow you to determine which types of data you are dealing with–legal records, compliance databases, files containing PII, video, customer emails and chats, R&D documents, productivity documents and so on—and when they were created, who created and accessed them and so on. Then, using the data index, develop a plan for transferring the data as efficiently as possible and with minimal risk.
  3. Dispose of obsolete data and archive non-critical data: Data that is no longer needed can be deleted before the transfer to save time and reduce storage costs. In some cases, you may determine that you no longer need a given data set, but you may still want to keep the data on hand in case you decide to leverage it in the future. You can place this data in a cold storage solution like AWS Glacier, where it will remain available at very low cost.
  4. Move data granularly: Referencing your data index, determine where each data asset needs to go. If there are multiple new business entities in the picture, it’s likely that you’ll need to break up some data sets so that different parts end up at different businesses. The data index ensures you can make the right decisions about where to target each piece of data and that files are stored appropriately for specific requirements such as performance and security.
  5. Update access controls. The data index allows you to determine which security protections need to be in place for each data asset. Ensure that you configure the right access controls after the data transfer, even if access control tooling changes–which it typically will if, for example, you end up moving on-premises data into a public cloud.
  6. Maintain an audit trail: Keep meticulous records during the data transfer so that you can track which data moves where and which access controls are in place following the transfer.
  7. Enhance metadata: In some cases, you may wish to add extra context to your data by creating tags that identify the data’s original source. Use the data index for this purpose gives even more visibility into the data in case you need it down the road.

It would be nice if data management following a merger, acquisition or divestiture deal were as simple as moving a bunch of files from one storage location to another. But it’s not. To minimize risk and maximize efficiency, you need a data transfer plan tailored to the requirements of the business entities that emerge from the deal.

Although developing such a plan requires work, having a global index that catalogs all of the data at stake makes the process smooth and efficient. When you know which data you are dealing with and how it impacts the business, you can transfer it with confidence, even in the most complex M&A+D scenarios.

Learn more about the Komprise Global File Index and Smart Data Migration approach.

Getting Started with Komprise:

Contact | Data Assessment