Without a legal basis the disclosure of data in the data room is inadmissible.
Whoever places employee or customer data in the data room without a legal basis risks a breach of the GDPR. Clarify the basis of disclosure before opening the data room, as a rule the legitimate interest under Art 6 GDPR, and document the balancing of interests required for it. Only then does the data belong in the data room. How the review is built overall is shown in the post on the due diligence checklist.
Only with a clean legal basis can the review of the data begin without a data protection risk.