GOOD PRACTICES Virtual Data Room: Everything you need to know

The Virtual Data Room industry is now estimated to be worth USD 5,76 billion by 2032, according to Straitresearch. Data rooms, initially used mostly in M&A transactions, are now implemented widely by companies from various economy sectors. VDR’s popularity is growing as more and more companies give up traditional (paper) office management, which is followed by increasing threats of information breach. The main purpose of the data doom is to provide the highest level of security for electronic information which is shared between organizations.

In short:

• VDR is an extremely secure environment for sharing information online
• The difference between VDR and email is roughly the same as sending cash in an envelope and hiring a convoy.
• Security is just the beginning: equally important is supervision over who has access to what information, when and to what extent. You literally control everything here.

In the simplest terms, Virtual Data Room is a web-based electronic document repository in which a company can keep confidential documents safely and grant access to them to any authorized person. In fact, this environment is extremely secure and encrypted with algorithms similar to those used in electronic banking (EV SSL).

Access to information is limited and strictly monitored by the administrator. It is decided by the administrator on who will have access to information, to which documents specifically, and to what extent (e.g. whether a user will be able to save files, print them, etc.). The administrator invites users to VDR but can also deny or limit their access at any time. Thanks to this function, crucial business documents can be shared with external companies in a secure way and constantly monitored.

The idea is that no one will get access to confidential information unless an appropriate permissions is given, while everything that happens in VDR is being regularly reported. On the other hand, people who have been invited to the data room can work comfortably from their offices in any corner of the world at any time, day or night. Due to the fact that data room is offered as a service (SaaS) you only need a computer and Internet connection to use it.

Documents placed in data rooms are usually private and labeled as of high value to the owner. Along with uploading typical information that should always be protected, i.e. financial, personnel, legal or strategic data, more and more companies pay closer attention to security and protect information from such areas as intellectual property or patents using VDR. This is further accompanied by the necessity to be compliant with the updated (and strict) GDPR requirements in EU law – protection of personal data.

Data rooms are most often used for completing market transactions, including Mergers and Acquisitions. The essential part of any transaction is to provide access to company’s data to investors and their advisors in order for them to be able to evaluate the profitability and amount of risk related to the investment (Due Diligence).

The Due Diligence process in its traditional form (a physical data room) is typically:

• inconvenient and it generates costs (each investor has to come to the company and analyse the documents in a dedicated room),
• time-consuming (investors mustn’t know about each other so they arrive at a different time, “one after another”),
• posting a high risk of information breach (employees can find out about the transaction and it could not be completed, speculations might start; someone can take pictures of the documents or take them away).

Therefore, electronic data rooms replaced the traditional ones relatively quickly and currently they are the standard of Due Diligence (read more about it in the article Why use VDR in Due Diligence process?). Thanks to VDR, collecting information, reading them and making evaluation are more effective than ever before. The main benefits to each participant of the transaction are:

• convenience (everyone works from their offices) and transparency of the process, he seller has the ability to reach a larger group of investors from all over the world (investors work in a Virtual Data Room at the same time, but do not know of each other’s existence),
• security of the information and control over the transaction (e.g. you can know exactly what piece of information was shared to whom, when, to what extent, or for how long a particular document was viewed).

Apart from Due Diligence transactions where the benefits of using VDR are evident, data rooms are increasingly used by companies to implement projects that do not have Due Diligence phase, but simply involve sharing sensitive information with external partners (advisors, financial institutions, cooperating companies). Most often these are investment projects, construction projects, project financing, joint ventures or consulting projects. The popularity of virtual data rooms is also growing in sectors such as Life Science or banking, where protection of intellectual property, patents and the abovementioned personal data is critical.

It is definitely the high security standards that will be described in more detail at the end of this post. Security is the heart of Virtual Data Room system. There is also a second factor worth noticing – VDR, unlike other file-sharing systems, offers support from the service supplier. Support is provided 24 hours a day and includes, first of all, technical support available to all users invited into the data room and, secondly, customer support in system management (e.g. data room supplier can upload files or administrate VDR for the client).

• Security standards at the level of banking services
• Document write and print restrictions
• Read-only mode – documents secured against editing (we secure over 30 formats, including PDF, Office, DWG, DXF)
• Prevention of text selection and copying
• Watermarks on documents identifying the user
• Print Screen shortcut lock
• Redaction tool module for document anonymization
• Communication module between process parties (Q&A) – particularly important for Due Diligence
• Advanced user activity reports, monitoring every action in the system
• Comprehensive customer support, e.g., loading documents into VDR, managing VDR on behalf of the customer
• Data Room archive on encrypted USB (contains all documents, reports, Q&A communication archive, additionally confirmed with a data compliance certificate, often used as an attachment to an investment agreement or as an archive for the future)

For detailed information, refer to other articles: Can Microsoft One Drive or Google Drive replace VDR? and Safe alternative to Dropbox in Due Diligence.

Virtual Data Room is a solution for controlled sharing of confidential files outside the company, not for collaboration on documents. That’s why the VDR is a read-only system. This means that it is not possible to edit documents in the VDR and even the option of selecting text and copying it is not allowed. These are the key functionalities of this kind of applications. In addition, the system allows even more advanced constraints such as:

• blocking the option of saving documents on hard drive and printing them,
• blocking the screenshot option (Print Screen),
• imposing watermarks on the files, which in the case of taking a screenshot, helps identify the person who might have committed abuse.

In the case of the Virtual Data Room provided by FORDATA, our customers get additional protection (this time not against abuse from the users but against hacker attacks) thanks to the fact that the application for uploading and viewing documents are native applications created by FORDATA. They are not based on Flash technology – unlike most competing VDR solutions – which is considered highly vulnerable to IT threats.

When it comes to system access rights and encryption of communication, VDRs have the same security level as banking services. This includes communication encryption with secure EV SSL 256-bit protocol, logging in using strong password and SMS codes, enforcing periodic password change or auto-logout after a specified time of user inactivity. Additional mechanisms that can be found in the data room, but not in banking systems, are the ability to limit the number of IP addresses from which users can log in to VDR or blocking simultaneous logins using the same credentials.

The catalogue is much more extensive and we could talk at lengths about the subject of security. All things considered, VDRs are the safest file-sharing systems available on the market. Hence, I will purposely stop at this point and continue the topic in the next articles. I hope that I have managed to familiarize with VDR those of you who are beginners in the subject yet still find it important from the business perspective. We also encourage you to test our system and see if it is a good solution for your business.

The article was updated on December 29, 2023.