Virtual Data Room Glossary

Plain-language definitions of terms used across virtual data rooms, M&A due diligence, and EU data protection.

All Terms

  • AES-256256-bit Advanced Encryption Standard — the industry baseline for at-rest encryption in VDRs.
  • Audit TrailA tamper-evident record of every action in a virtual data room.
  • BSI C5Germany's Cloud Computing Compliance Criteria Catalogue.
  • Bulk UploadDrag-and-drop upload of large folder hierarchies with automatic indexing.
  • Buy-SideThe buyer's side of an M&A transaction.
  • Controller and ProcessorTwo GDPR roles defining who decides the means and purposes of data processing (controller) and who processes on the controller's instructions (processor).
  • Data ResidencyThe country or region where data is physically stored.
  • Data Room IndexThe master document listing every document in the VDR with metadata.
  • Data SovereigntyThe principle that data is subject to the laws and supervision of the country in which it is stored or processed.
  • Document RedactionRemoving personal data, commercial sensitive information, or confidential identifiers before disclosure.
  • DORA (Digital Operational Resilience Act)EU regulation creating an ICT risk-management framework for the financial sector.
  • DPA (Data Processing Agreement)The Article 28 GDPR contract between controller and processor.
  • Due DiligenceThe systematic investigation a buyer performs on a target company before signing a transaction.
  • Dynamic WatermarkingStamping every viewed page with the viewer's identity to deter unauthorized redistribution.
  • eIDASEU regulation on electronic identification, signatures, and trust services.
  • Fence ViewA view-only mode that obscures parts of the screen except where the cursor hovers, defeating photographic exfiltration.
  • GDPR (General Data Protection Regulation)The EU's principal data-protection law in force since 2018.
  • Granular PermissionsPer-user, per-folder, per-document access control — the foundation of a deal-grade VDR.
  • IPO (Initial Public Offering)The first public sale of a company's shares to investors on a stock exchange.
  • ISO 27001International information-security management system standard.
  • ISO 27018Code of practice for protecting PII in public cloud services.
  • M&A (Mergers and Acquisitions)Transactions involving the sale, purchase, or combination of companies and businesses.
  • Multi-Factor Authentication (MFA / 2FA)An additional authentication factor beyond password — typically TOTP, push, or hardware token.
  • NDA (Non-Disclosure Agreement)A contractual obligation of confidentiality typically required before a bidder receives VDR access.
  • NIS2 DirectiveEU cybersecurity directive replacing NIS1; transposition deadline 17 October 2024.
  • NPL (Non-Performing Loan)A loan in default or near default; sold by banks to specialist investors.
  • OCR (Optical Character Recognition)Conversion of scanned PDFs and images into searchable, indexable text.
  • Q&A ModuleThe Q&A module routes questions from bidders through coordinators to subject-matter experts, captures the answer canonically, and writes it back to bidders.
  • SCC (Standard Contractual Clauses)European Commission-approved contractual clauses for transferring personal data outside the EEA.
  • Schrems IIThe 2020 CJEU ruling on EU-US personal data transfers.
  • Sealed CloudAn architecture in which the operator cannot access stored or processed plaintext.
  • Sell-SideThe seller's side of an M&A transaction — the party disposing of assets, shares, or a business.
  • Smart Index / Auto-IndexAutomatic numbering and folder ordering applied to uploaded documents.
  • SOC 2AICPA-developed audit framework based on five trust services criteria.
  • SSO (Single Sign-On)Federation that lets users sign in with their corporate identity provider rather than a separate VDR password.
  • Sub-ProcessorAny third party engaged by a processor to process personal data on the controller's behalf.
  • TIA (Transfer Impact Assessment)A documented assessment of whether transferring personal data outside the EEA satisfies GDPR Chapter V.
  • TLS 1.3Transport Layer Security version 1.3 — the modern protocol for in-transit encryption.
  • View-Only ModeDocument access without download or print capability.
  • Virtual Data Room (VDR)A virtual data room (VDR) is a secure online platform for sharing confidential documents during European M&A, fundraising, and due diligence transactions.