M&A in fashion & beauty — how the EU’s crackdown on burning stock is reshaping deals

We explore the ESPR’s implications for M&A and outline what businesses should be doing in response.
Talk to us: 0333 004 4488 | hello@brabners.com
AuthorsEleanore Beard
3 min read
Commercial & Contracts, Technology, Media & Telecoms, Regulatory & Professional Conduct, Data Protection

Every year, 28 January marks Data Protection Day. Intended to raise awareness of consumer rights under data protection and privacy legislation, Data Protection Day also serves as a reminder for organisations to assess and prioritise their data security and internal practices to ensure regulatory compliance and build trust with customers.
Here, Senior Associate and data protection law expert Eleanore Beard explains how the data protection landscape has changed and what businesses need to do to stay on top.
Recent years have seen the data protection landscape continually evolve, with the introduction of regulations like the General Data Protection Regulation (GDPR) and various privacy laws globally, including (post-Brexit) the UK GDPR.
These regulations now set minimum standards for the collection, processing and storage of personal data — empowering individuals to have greater control over their information.
Last year, things developed further. In July 2023, the EU adopted its decision on the EU to US Data Privacy Framework. A few months later, the UK to US Data Bridge was approved as an extension to the Data Privacy Framework — providing a mechanism for businesses in the UK to transfer personal data to US businesses certified under the EU to US framework.
There are still concerns over this international transfer framework and further advice should always be sought for international transfers to ensure that the relevant protections are in place.
We also saw new data protection provisions like the Online Safety Act 2023 and other data protection initiatives being discussed, such as the regulation of AI — and there is no sign of this evolution slowing down.
The proposed new UK Data Protection and Digital Information Bill was debated in December 2023. Many believe that this is likely to start coming into UK law mid-2024 — so businesses need to prepare now.
2023 saw an increase in public awareness around data protection, with individuals encouraged to take proactive steps to protect their privacy. This is likely to have played a role in the increased number of civil actions, claims and calls for class action lawsuits around data protection breaches.
To stay protected, businesses must implement robust data protection and cybersecurity measures, conduct regular audits and educate their people on correct data protection practices.
By prioritising privacy and staying informed about the evolving landscape of data protection, every business can contribute to a more secure and trustworthy digital world.
And while technological innovations can enhance security measures — such as encryption, biometrics and artificial intelligence — it’s important to be mindful of the potential risks and ethical considerations of failing to be compliant.
If you’re not sure where to start in terms of data protection, privacy and compliance, our experienced team can help.
With cost-effective and fixed-fee solutions, we can provide training and establish a compliant data privacy culture, implementing the principles of data protection and effective safeguarding.

We explore the ESPR’s implications for M&A and outline what businesses should be doing in response.

Live from Old Trafford, we explored the realities of geopolitical risk, security threats, commercial sustainability and the growing role of technology.

We explore the key changes and outline the practical steps that retailers need to take ahead of 2027.

We explore the tension between AI‑driven optimism and growing fears of an overinflated tech bubble.

We explore how commercial partnerships in motorsport are evolving and outline the practical considerations for sponsors and rights holders.

We explore what the HFSS regime means in practice, break down how the ASA is applying the rules and outlines the steps that retailers should take now.

We explore the decision, its legal context and its implications for selective distribution and online sales controls.

We explain why uncontrolled use of public AI tools creates real confidentiality and data protection risks and outline how you can manage them safely.

We explore how scaleup policy, growth opportunities and local engagement help ambitious businesses to turn national strategy into practical support.

We break down the sector-wide impact of the Government’s funding boost and prescribing reforms.

We explore the Court’s reasoning, the key findings and what this judgment means for future procurement challenges.

We explore the sector’s digital shift, from predictive repairs and income management to tenant engagement and the governance needed for responsible AI use.

We delve into the key changes coming into force on 19 June 2026 and explain how businesses should prepare.

We outline what's changed under the new test and consider what this may mean in practice for both contracting authorities and challengers.

We explore the implications of the attacks for UK businesses and outline the practical measures that can help to mitigate similar disruption.

We outline the key reforms and what contracting authorities and suppliers should be doing to prepare.

We explore the legal considerations behind major athlete endorsement deals, from image rights to exclusivity and reputational protection.

We brought the retail sector together in London for a focused look at the risks, from physical threats, digital disruption and reputational challenges.

We explore how new parliamentary findings and the Government’s updated position are shifting the UK’s direction on AI and copyright.

We explain how AI patent applications are now being assessed and what this means for innovation and patent strategies.

We explore why retailers are particularly affected by deepfakes and the implications around data protection, IP, advertising compliance and more.

We explore how AI is transforming data protection, the risks that organisations now face and what effective compliance looks like today.

We explore the key challenges retailers face with Martyn’s Law, how to balance compliance with operations and the common misconceptions.

We break down the key insights from each panel, exploring AI's real-world impact and why it’s crucial to balance innovation with long‑term sustainability.

We explore the key findings from the study and outline what they mean for clubs, governing bodies and others responsible for player welfare.