When it comes to selling your business, you want to treat your business the same way you would treat a beloved family home that you put up for sale. In a way, they’re similar assets—both are things you’ve probably poured a lot of time, money, and effort into. 

It would also make sense that you’d want to get the best possible price for it, the same way you would want the best price for your beloved home. To sell a house, homeowners may increase the sales price by completing minor repairs, getting the paperwork in tip-top shape, cleaning and staging the home, trimming the hedges to boost the property’s curb appeal, and hiring a professional photographer to take the most flattering shots. 

They put in the effort, and often see the market price of their home increase accordingly. 

The same thing applies to your business. Rather than selling your business “as-is,” putting in the time and effort to clean house beforehand can increase the value of your business, helping you attract offers from more legitimate parties and prevent liability down the road. 

This is especially applicable with regard to your company data. Data can be a valuable asset for your team. But if it’s not mapped, if your compliance is all over the place, or if you don’t have a transparent system, your data can end up looking like a horror-movie basement that scares off any potential buyers and damages consumer trust. 

Don’t try selling your business with horror-movie data systems. Here’s how to prepare your company data when you’re ready to sell your business. 

Conduct a data inventory

A data inventory accomplishes a number of purposes. It helps you understand what data your business has collected over time, how it has been (and is currently being) used, and how it is stored and shared. 

It can also help you assess whether your systems are in compliance with the plethora of data privacy laws that have been popping up in different countries and U.S. states. 

Serious buyers will request a data inventory for your company data and may even want to conduct one of their own, so it makes sense to start mapping your data now to know what to expect and where you may need to clean house. 

Here are some of the things you’ll need to cover in a data inventory:

  • What type of data do you collect? (for example, name, address, location, phone number, username, password, financial data)
  • Where does the data come from? Is it collected via your website, social media, or another mechanism?
  • Where, how, and for how long do you store your data? Do you store it in-house, with a third-party vendor, or in the cloud? 
  • How do you use each piece of data? (Is it for in-house analytics? Customer outreach? Third-party applications like shipping management?)
  • Do you share your data with any third-party vendors, whether in the course of system operation or as a third-party sale?

Tip: Work with your IT, marketing, customer service, and operations team to track a single piece of data. Use that data point as a test case to figure out:

  • How you collect it
  • What information is collected
  • All of the different places it goes
  • How it’s used
  • Where it’s stored
  • Who can access it
  • Where it’s vulnerable to breach or corruption

As you organize your data inventory, it’s possible that your data may not be consistent across systems. If this happens, you will need to be able to account for any disparate data, and either resolve the discrepancy or explain it to buyers. 

Small companies may be able to track and audit their data independently, but large companies or companies that collect a significant amount of data may need to bring in a third-party consultant for a thorough data inventory. 

Once you’ve conducted a thorough review, you can start compiling the paperwork to go with it (and just like selling a house, selling a company involves a lot of paperwork). 

Prepare the paperwork

When people buy a house, they want to make sure they are purchasing an asset at fair market value, and one that it’s free of any risky liens or encumbrances. That’s why homebuyers often do an appraisal and title search. Any buyer interested in your company will want the same assurances, starting with your financial and customer data reports. 

Think of clear and transparent reports like giant green flags for your business. They show potential buyers that your business is organized, that you’re honest with your financial records, and that buying your company won’t result in a horror story á la Tom Hanks in The Money Pit

Take some time to collect:

  • All information related to your privacy and security policies
  • Individual rights requests procedures
  • Privacy training materials
  • Any privacy analyses that have been prepared
  • A report of all assets and their asset type
  • List of all active customers and relevant information
  • List of all affiliates, legal partners, or associated vendors
  • Other applicable metrics typical in your field

Prepare your data inventory alongside these reports in a straightforward, centralized repository so that you can quickly gather the relevant information as needed throughout the sale. 

Review applicable data privacy regulations

Just as a house needs to be up-to-code and compliant with state and local laws, your data privacy policy and practices must also comply with all applicable regulations, which vary significantly by location.

One of the most sweeping regulations is the European Union’s General Data Protection Regulation (GDPR). Some U.S. states also have their own individual policies, including Virginia, California, Colorado, Utah, and Connecticut. (But note that there is not currently a federal privacy law!)

Under most statutes, even if a business isn’t based in a specific location, if you collect data from a citizen in that state or country, you are legally required to comply with that government’s data privacy policy. This can make compliance a bit tricky. 

Businesses generally find that the best data privacy policies are based on industry-wide best practices, rather than compliance with individual mandates. This strategy supports a business-friendly (and seller-friendly!) approach to privacy because it reassures interested buyers that your data privacy system won’t need an overhaul as soon as a new regulation comes into effect. 

Once you document your current compliance with data privacy regulations, review what policies may affect your data privacy in the event of a sale. 

Consider this:

  • Not all customer data can automatically transfer in the event of a company sale—your business may not have the right to transfer certain data based on company policies and customer contracts  
  • Under some jurisdictions, businesses may be required to notify customers of a data transfer or sale, or even re-obtain consent to data collection
  • If your business shares data or processes data for a third party, its data-sharing capacity may be impacted in the event of a change in ownership

Your buyer will likely raise many of these questions, so it makes sense to have the answers ahead of time. That said, it’s a complicated process, so when in doubt, consult with an expert. 

Bring in an expert to help

Even if your business has an in-house IT team, this type of large-scale data inventory and organization can be an intimidating process. 

In the same way that a seller’s agent protects a home seller by providing property disclosures and screening buyers, an expert data advisor can help a business protect its assets, reduce risk, and present the best possible product to potential buyers. A privacy subject matter expert can review the flow of data, assess your privacy practices, and whether: 

  • Your practices are in compliance with privacy regulations
  • Any aspect of the sale would impact consumer trust and expectations

Red Clover Advisors has the experience and knowledge to secure your data and prepare for the sale of your business. We make data privacy practices simple and straightforward, in a way that makes sense for your business, and wherever the future may take you. Contact us today to schedule a free consultation.

The post How to Prepare Your Company Data When Selling a Business appeared first on Red Clover Advisors.

Jodi Daniels

Jodi Daniels is Founder and CEO of Red Clover Advisors, a privacy consultancy, helping companies from startup to Fortune 100 create privacy programs, build customer trust and achieve GDPR, CCPA, and privacy law compliance. Jodi as a Certified Informational Privacy Professional with the…

Jodi Daniels is Founder and CEO of Red Clover Advisors, a privacy consultancy, helping companies from startup to Fortune 100 create privacy programs, build customer trust and achieve GDPR, CCPA, and privacy law compliance. Jodi as a Certified Informational Privacy Professional with the daily privacy operations such as data mapping, individual rights, training, policies, etc. and also serves as a fractional chief privacy officer. Jodi Daniels is a national keynote speaker, host of the She Said Privacy / He Said Security Podcast, and also has been featured in The Economist, Forbes, Inc., Authority Magazine, ISACA, and more. Jodi holds a Masters of Business Administration and a Bachelor of Business Administration from Emory University’s Goizueta Business School.