Ask HN: Is GDPR hurting European tech valuations and acquisitions?

12 points by seibelj ↗ HN
I heard a concerning anecdote from a friend. He (American) was trying to make a relatively small acquisition of a European SaaS business. 6 figure deal for a company with ~100k MATU. They were running out of cash and needed to be acquired.

Ultimately the deal did not go through because of GDPR. I am fuzzy on the exact details, but he claimed that per GDPR requirements, every single customer would have to sign back up for the service and they could not be shifted over to the new company without explicitly opting in. So the MATU would be zero until they re-acquired the users.

So the deal did not go through and the company shut down. Has anyone else noticed issues with European valuations and M&A because of GDPR?

17 comments

[ 16.2 ms ] story [ 48.1 ms ] thread
I'd say the law has worked very well in this case: The customers private data was at risk (being moved out of the jurisdiction that protects it) and an unscrupulous buyer preferred to pass on the opportunity than assuring the customers their data was going to be as safe as before.

I see no culprits or bad actors here. Everyone looks after themselves.

It may have worked very well. But it will mean that because of these regulations, there will be less investment in any companies under the EU from outside companies.

Eventually, the EU will have its own companies and separated Internet. Is this really a good thing?

I can see the case that it might be harmful for the GDP, but how would less investment translate into a separate internet?
Companies are already blocking IP addresses from the EU due to the new GDPR regulations. As restrictions and laws increase (which seems to be happening already), it will make sense to just block access rather than deal with draconian regulations.

The end result will be a separate Internet for people in the EU because so many sites will be unavailable to them.

Maybe they will block access at the beginning, but here in Europe we have a huge market and I do not really believe that companies will stay away just because they cannot steal our data. If so, then we will be very happy about it and someone else will get their pie slice..
It's not about 'stealing data'. It's the vague regulations and overreach by the EU that will stop companies and investors from entering the EU market.

"If so, then we will be very happy about it and someone else will get their pie slice.."

An interesting unintended consequence is that small companies will be pushed out of the market in favor of large companies that have the money to pay for all of the legal hoops you have to jump through.

A few large players dominating the market is not really in the best interest of anyone...except the companies that are able to keep out all of their competitors.

This. GDPR is not merely a list of bad things not to do, compliance requires a lot of new work and risking huge penalties if someone decides your lawyer should have interpreted the (untested!) law differently.
Welcome to the age of (digital) data.

China understood this several years ago, and who wants to enter that market? Basically everyone, despite the costs and regulations.

It means that EU will have their own WhatsApp, Facebook, etc... If these companies leave, which they don't and never will. Money doesn't have any political preference.

It's better if the EU data stay protected by EU and govern by EU companies. I welcome this as US companies are very invasive and don't want to care (Facebook, Google). If we can have pure European alternatives as China, I think better for us. I disagree it means separated Internet at all.
When the internet hit the 2000s the idea of these universal services was super powerful.

Now services are pretty quaint. Given a SaaS that is successful, multiple clones will exist in a few months. Data and sovereignty over data is the next thing imo.

An Internet that respects my rights vs an Internet that does not. Why is the former a bad thing?
You can look at it the other way around: GDPR can be a barrier to entry in the European market, therefore making EU compagnies more resistant to outside competitors, which increases their valuation.

As a foreign company, if you want to enter the European market you can either comply with GDPR (which honestly is not that hard despite all the FUD), or take a stake in an existing EU company, provided you let it continue operating as it currently does or at least in a GDPR-compliant way. Buying a EU company to siphon off its customer data (even if it’s just to merge with your own platform) is a big no-no, unless you yourself are GDPR-compliant.

gdpr is even more strict for EU based companies: you have to apply gdpr to every user around the world.

> which increases their valuation.

how?

Lack of competition makes you less resistant to competitors.
Well, GDPR wasn't created to maximise profit or simplify the production of shareholder value. So... there.
I wish we have this rule in the US. So many times I start getting spam from random companies that after closer look it turns out they are owner of some servicev I signed up years ago.