An important step in M&A transactions is the legal and financial analysis of the target company, a process referred to as “due diligence”. As part of this step, the target company will generally provide the potential buyer with large volumes of information. Data protection, including but not limited to personal data, is a high priority for all parties involved and must be considered in several respects. First, the potential buyer(s) should include an audit of the target company’s compliance with data protection regulations in their analysis. Furthermore the seller, who wants to provide potential buyers with all the information necessary for the purpose of assessing price and risk, will have to provide potential buyers with documents and information containing personal data or, more generally, data of a confidential nature and/or covered by business secrecy. So how can one meet the legal constraints and/or protect the rights of third parties and/or the interests of the target company, while allowing potential buyers to form a clear picture of the target company?