Business interruptions could adversely affect future operations, revenues, and financial conditions, and may increase our costs and expenses.
Our operations, and those of our directors, advisors, contractors, consultants, CROs, and collaborators, could be adversely affected by earthquakes, floods, hurricanes, typhoons, extreme weather conditions, fires, water shortages, power failures, business systems failures, medical epidemics, pandemics such as the COVID-19 pandemic, and other natural and man-made disaster or business interruptions. Our phones, electronic devices and computer systems and those of our directors, advisors, contractors, consultants, CROs, and collaborators are vulnerable to damages, theft and accidental loss, negligence, unauthorized access, terrorism, war, electronic and telecommunications failures, and other natural and man-made disasters. Several of our employees conduct business outside of our headquarters and leased or owned facilities. These locations may be subject to additional security and other risk factors due to the limited control of our employees. If such an event as described above were to occur in the future, it may cause interruptions in our operations, delay research and development programs, clinical trials, regulatory activities, manufacturing and quality assurance activities, sales and marketing activities, hiring, training of employees and persons within associated third parties, and other business activities. For example, the loss of clinical trial data from completed or future clinical trials could result in delays in our regulatory approval efforts and significantly increase our costs to recover or reproduce the data.
Likewise, we will rely on third parties to manufacture BXCL501 and BXCL701 and conduct clinical trials, and similar events as those described in the prior paragraph relating to their business systems, equipment and facilities could also have a material adverse effect on our business. To the extent that any disruption or security breach were to result in a loss of, or damage to, our data or applications, or inappropriate disclosure of confidential or proprietary information, we could incur liability and the further development and commercialization of our product candidate could be delayed or altogether terminated.
Risks associated with data privacy issues, including evolving laws, regulations and associated compliance efforts, may adversely impact our business and financial results.
Legislation in various countries around the world with regard to cybersecurity, privacy and data protection is rapidly expanding and creating a complex compliance environment. We are subject to many privacy and data protection laws and regulations in the U.S. and around the world, some of which place restrictions on our ability to process personal data across our business. In particular, the General Data Protection Regulation, or GDPR, which became effective in May 2018, has caused more stringent data protection requirements in the European Union. The GDPR imposes onerous accountability obligations requiring data controllers and processors to maintain a record of their data processing and implement policies as part of its mandated privacy governance framework. It also requires data controllers to be transparent and disclose to data subjects how their personal information is to be used; imposes limitations on retention of personal data; introduces mandatory data breach notification requirements; and sets higher standards for data controllers to demonstrate that they have obtained valid consent for certain data processing activities. To the extent we collect data from individuals in the European Union, we will be subject to the supervision of local data protection authorities in those E.U. jurisdictions where we are established or otherwise subject to the GDPR. Certain breaches of the GDPR requirements could result in substantial fines, which can be up to four percent of worldwide revenue or 20 million Euros, whichever is greater. In addition to the foregoing, a breach of the GDPR could result in regulatory investigations, reputational damage, orders to cease/change our use of data, enforcement notices, as well potential civil claims including class action type litigation where individuals suffered harm.
Our failure to successfully acquire, develop and market additional product candidates or approved drug products could impair our ability to grow.
As part of our growth strategy, we may evaluate, acquire, license, develop and/or market additional product candidates and technologies. These investments will not constitute a significant portion of our business. However, our internal research capabilities are limited and we may be dependent upon pharmaceutical and biotechnology companies, academic scientists and other researchers to sell or license products or technology to us. The success of this strategy depends partly upon our ability to identify, select and acquire promising pharmaceutical product candidates and products. The process of proposing, negotiating and implementing a license or acquisition of a product candidate or
