We intervened to carry out an audit of a target company in order to identify the areas of risk in terms of IP/IT/Personal Data at the request of an investment fund.

Case details

An investment fund asked us to carry out a legal audit in relation to IP/IT/Personal data of a company with a view to its acquisition.

Our intervention

At the start of our mission, we sent a detailed questionnaire to the target company in order to collect the documents necessary for our audit.

In parallel with our analysis of the documentation communicated in the data room, we proposed to organize telephone meetings with a few key people (managers, DPOs, CIOs) in order to deepen our understanding of the risk areas. 

At the end of our intervention, we submitted an audit report containing an executive summary of the main risks detected according to a color code indicating the level of risk, as well as the details of our analyses and recommendations.

The challenge 

- We were quickly able to identify that the founders of the target company had developed some of the code for the software distributed by the company, but had not assigned their intellectual property rights. We have found a contractual solution in conjunction with our client and his corporate and tax advisors, so that the target company becomes the owner of the intellectual property rights.

- We conducted an audit of the open source components used on the basis of the bill of materials of the software distributed by the target company, which revealed that some components were subject to so-called copyleft licenses, which helped to lower the purchase price.

- We have identified numerous non-compliances with the European regulation on the protection of personal data (GDPR), which we have recommended to cover in the asset and liability guarantee.