GDPR and the important role of a Data Protection Officer
Before the introduction and enforcement of the General Data Protection Regulation (GDPR) in May 2018, several organizations were left exposed to risks arising from inadequate data protection and cybersecurity controls. Regardless of organization type and size, data are being collected, processed, and stored without the appropriate controls in place. As a result, there is a high likelihood of data breaches and leakages with direct and severe consequences (i.e., reputational damage and harsh penalties) for data controllers. Nowadays, to address and minimize this likelihood, organizations must comply with the GDPR, legislation designed around privacy principles to address privacy and cybersecurity requirements. Where the core processing activities through which an organization achieves its goals involve processing a large amount of personal data that is not proportionate with regard to the rights of the data subjects, the organization should appoint a Data Protection Officer (DPO).
Depending on the organization's type and size and its obligations towards GDPR compliance, DPOs can be appointed either internally (recruitment or dual-hat) or externally (DPO-as-a-Service / DPO Support services). Whichever option is chosen, the DPO must have in-depth knowledge not only of the GDPR's legal matters but also of domains such as Cybersecurity, along with the scope, context, and purpose of each processing activity of the organization. Some of the primary responsibilities of a DPO are:
- working towards the organization's compliance with the GDPR and staying aware of any changes in data protection laws
- monitoring changes in the organization's data processing activities and initiating DPIAs (Data Protection Impact Assessments) where applicable
- collaborating with supervisory authorities
- promoting data protection and cybersecurity training to establish an awareness and education program for the organisation's employees
- finally, DPOs must not be dismissed upon fulfilment of their task, as this position operates as a constant monitoring function in which any issues related to protecting personal data must be addressed in a timely and appropriate manner.
The challenges that DPOs and organizations are facing three years later
Such challenges start with the implementation of the GDPR, which is a colossal task in itself: raw data are scattered all over the organization's systems/divisions, making them extremely difficult to trace, access, update, share, and organize. In addition, when limited and non-expert personnel are assigned to this task, the challenge is exacerbated, since following GDPR guidelines requires a dedicated, fully trained team to carry out the implementation correctly. Furthermore, the lack of collaboration with other Departments/Organisational Units/Process owners adds further difficulty, since DPOs cannot know where data reside, who is accessing them, how they are being used, and who is responsible for them. Therefore, it is extremely difficult to determine which data are being used as part of their predefined purposes. As a result of all those challenges and the lack of appropriate tools to manage data protection and privacy, DPOs won't be able to find a methodological approach to overcome compliance issues and provide efficient workflows by leveraging automated capabilities deployed across the organization.
Overcoming today's challenges via Digitalizing Privacy and Cybersecurity compliance
To identify and prioritize the organization's processing activities in a timely manner, an effective organizational structure must exist to ensure that all the above challenges are addressed sufficiently. To do so, most organizations and their DPOs use spreadsheets to keep track of the privacy tasks (i.e., record of processing activities, data subject requests etc.) that take place within the organization. However, this approach poses numerous challenges, such as the lack of meaningful results on which to base vital and effective decisions, the lack of structure for complex data and processes, and the absence of appropriate safeguards to monitor and control the recorded processing activities.
At Grant Thornton Cyprus, we overcome these challenges by using the Enactia SaaS platform (www.enactia.com) both internally and to support our clients. Enactia is a cloud-based platform designed for Governance, Risk and Compliance (GRC), focusing on Cybersecurity and Data Protection. Enactia enables an organization to monitor its compliance with various legislations and frameworks such as GDPR, CCPA, PDPL, ISO27001 / ISO27701, NIST and many more. The platform comprises various interconnected modules that can adapt to business requirements and be deployed effectively with complex processes. These modules can meet the requirements of the GDPR, such as Record of Processing Activities and Asset Register, Data Subject Requests Management, Data Breach Registry and Reporting, Compliance Assessment, Ticketing Management, Risk Management, and Vendor and Third-Party Management. In the case of the GDPR, Enactia can assist the DPO in collecting the information required to fulfil privacy-related tasks by using specific operations and functions to collaborate effectively with other organizational departments and employees.
All in all, in the era of digitalization and the power of data, it is each organization's responsibility to take predictive, preventive, and mitigative measures towards data management and to establish efficient and effective approaches. By complying with the regulatory requirements, organizations can set the groundwork for successful data governance while ensuring the quality, integrity, and security of their data and getting the most benefit from their valuable assets.