On June 4–5, 2026, I had the pleasure of attending the 17th UIA Annual Business Law Forum, held in Zurich and organised by the International Association of Lawyers (UIA).
This annual event has become a key meeting point for international business lawyers and, this year, focused on cross-border partnerships and transactions involving innovative, high-growth companies in technology and science-driven sectors.
As an active UIA member, this conference offered a valuable opportunity not only to exchange views with practitioners from around the world, but also to contribute to discussions on topics that are central to my practice: intellectual property and data protection.
A conference at the heart of innovation challenges
The Forum covered a wide range of topics, including venture capital, international taxation, artificial intelligence, ESG compliance and dispute resolution.
A common thread across these discussions was clear: the value of innovative companies increasingly lies in intangible assets, such as software, algorithms, databases and research data.
In such a context, legal challenges are becoming more complex, especially in cross-border environments involving universities, start-ups, investors and multinational groups.
My contribution: GDPR due diligence in innovation projects
I had the opportunity to speak in the panel entitled: “From research to deal: unlocking, sharing and monetising IP & Data in cross-border innovation and investments.”
This panel addressed how to structure and leverage IP and data assets, while ensuring compliance with applicable legal frameworks, including the GDPR.
My intervention focused specifically on: data due diligence and data transfer risks.
Three practical scenarios
To provide a structured approach, I analysed three common scenarios:
1. Joint research projects
In collaborative environments (e.g. universities and hospitals), the key issue is to identify the role of each party:
- joint controllers
- controller / processor
- independent controllers
This classification determines:
- respective obligations
- contractual documentation
- allocation of liability
2. Data transfers
When data is shared between entities, the key question is: is the recipient acting on behalf of the transferor, or for its own purposes?
In the latter case, the recipient becomes a new controller, which requires:
- proper information of data subjects
- a valid legal basis (often consent)
Additional challenges arise for international transfers:
- adequacy decisions
- standard contractual clauses
- transfer impact assessments
3. M&A transactions
In acquisition scenarios, the focus shifts to risk assessment.
Key questions include:
- was there a valid legal basis for processing?
- were consents properly obtained and documented?
- were data subjects adequately informed?
- are processor agreements in place?
- are international transfers compliant?
These factors directly impact:
- compliance costs
- potential exposure to fines (up to €20 million or 4% of global turnover)
- the valuation of the target
A key takeaway
The main message of my intervention was the following: data protection must be addressed early in the design of innovation projects.
Too often, companies defer these questions to the due diligence phase. However, if compliance is not properly ensured at the data collection stage, the data may become unusable, non-transferable, or even worthless.
In today’s economy, GDPR compliance is not only about avoiding sanctions: it directly determines whether data can be used and monetized.
The UIA: a global professional network
Beyond the technical sessions, the Forum also provided a great opportunity to further engage within the UIA, a truly international network of legal professionals.
Networking, discussions and informal exchanges once again highlighted the importance of such organisations in addressing increasingly global legal challenges.
