Virtual Data Room Glossary
Plain-language definitions of terms used across virtual data rooms, M&A due diligence, and EU data protection.
All Terms
- AES-256: 256-bit Advanced Encryption Standard: the industry baseline for at-rest encryption in VDRs.
- Audit Trail: A tamper-evident record of every action in a virtual data room.
- BSI C5: Germany's Cloud Computing Compliance Criteria Catalogue.
- Bulk Upload: Drag-and-drop upload of large folder hierarchies with automatic indexing.
- Buy-Side: The buyer's side of an M&A transaction.
- Controller and Processor: Two GDPR roles defining who decides the means and purposes of data processing (controller) and who processes on the controller's instructions (processor).
- Data Residency: The country or region where data is physically stored.
- Data Room Index: The master document listing every document in the VDR with metadata.
- Data Sovereignty: The principle that data is subject to the laws and supervision of the country in which it is stored or processed.
- Document Redaction: Removing personal data, commercially sensitive information, or confidential identifiers before disclosure.
- DORA (Digital Operational Resilience Act): EU regulation creating an ICT risk-management framework for the financial sector.
- DPA (Data Processing Agreement): The Article 28 GDPR contract between controller and processor.
- Due Diligence: The systematic investigation a buyer performs on a target company before signing a transaction.
- Dynamic Watermarking: Stamping every viewed page with the viewer's identity to deter unauthorized redistribution.
- eIDAS: EU regulation on electronic identification, signatures, and trust services.
- Fence View: A view-only mode that obscures parts of the screen except where the cursor hovers, defeating photographic exfiltration.
- GDPR (General Data Protection Regulation): The EU's principal data-protection law in force since 2018.
- Granular Permissions: Per-user, per-folder, per-document access control: the foundation of a deal-grade VDR.
- IPO (Initial Public Offering): The first public sale of a company's shares to investors on a stock exchange.
- ISO 27001: International information-security management system standard.
- ISO 27018: Code of practice for protecting PII in public cloud services.
- M&A (Mergers and Acquisitions): Transactions involving the sale, purchase, or combination of companies and businesses.
- Multi-Factor Authentication (MFA / 2FA): An additional authentication factor beyond the password: typically TOTP, push, or hardware token.
- NDA (Non-Disclosure Agreement): A contractual obligation of confidentiality typically required before a bidder receives VDR access.
- NIS2 Directive: EU cybersecurity directive replacing NIS1; transposition deadline 17 October 2024.
- NPL (Non-Performing Loan): A loan in default or near default; sold by banks to specialist investors.
- OCR (Optical Character Recognition): Conversion of scanned PDFs and images into searchable, indexable text.
- Q&A Module: The Q&A module routes questions from bidders through coordinators to subject-matter experts, captures the answer canonically, and writes it back to bidders.
- SCC (Standard Contractual Clauses): European Commission-approved contractual clauses for transferring personal data outside the EEA.
- Schrems II: The 2020 CJEU ruling on EU-US personal data transfers.
- Sealed Cloud: An architecture in which the operator cannot access stored or processed plaintext.
- Sell-Side: The seller's side of an M&A transaction: the party disposing of assets, shares, or a business.
- Smart Index / Auto-Index: Automatic numbering and folder ordering applied to uploaded documents.
- SOC 2: AICPA-developed audit framework based on five trust services criteria.
- SSO (Single Sign-On): Federation that lets users sign in with their corporate identity provider rather than a separate VDR password.
- Sub-Processor: Any third party engaged by a processor to process personal data on the controller's behalf.
- TIA (Transfer Impact Assessment): A documented assessment of whether transferring personal data outside the EEA satisfies GDPR Chapter V.
- TLS 1.3: Transport Layer Security version 1.3: the modern protocol for in-transit encryption.
- View-Only Mode: Document access without download or print capability.
- Virtual Data Room (VDR): A virtual data room (VDR) is a secure online platform for sharing confidential documents during European M&A, fundraising, and due diligence transactions.