GDPR compliance is not only the Data Protection Officer's (DPO) responsibility, but a team effort between various stakeholders within the organisation, including the Board of Directors, Management, Departmental Heads and other key people, depending on the overall governance and organisational structure of the organisation.
Furthermore, GDPR compliance is not a one-off process; it requires continuous effort for maintenance and enhancement. Maintaining and enhancing GDPR compliance is not an easy process, mainly because it requires the involvement of various people within an organisation. For this reason, a compliance tool is an integral part of enforcing the governance structure, enabling effective collaboration, and managing the various GDPR tasks.
To this end, an operational compliance framework is essential for organisations to deliver on the requirements of the Data Protection Legislation. This framework should include the governance, roles and responsibilities, policies and procedures, processes, technologies and tools which an organisation will maintain in order to fulfil and manage its ongoing data protection obligations.
The DPO should monitor compliance with the processes, policies and procedures, and the use of tools and technology, which incorporate the data protection principles. Compliance metrics should be produced and reported to senior management.
Compliance with the data protection requirements is neither a black-or-white nor a pass-or-fail matter. Although there are some specific requirements (such as the time limit to notify in the event of a data breach or the maintenance of a Record of Processing Activities (RPA)), compliance requires the data protection function (e.g. the DPO or DPO team) to work closely with Departments (e.g. Heads of Departments and Directors) across the organisation to sensibly and consciously apply a set of principles to the organisation, rather than meeting a prescriptive list of obligations. By necessity, compliance requires senior management in the organisation to be involved in compliance-related decisions, and the rationale and basis for such decisions should be documented and available for later review.
The organisation's strategy towards data protection compliance (in the context of preparing for the Data Protection Legislation to come into effect) includes short-term tactical solutions and long-term strategic solutions, such as IT support tools and potential automation, to be adopted at the appropriate juncture as budget and resources allow. The tactical short-term solutions will address the high-risk processing activities undertaken in the organisation. The development of additional compliance measures, increased automation and the embedding of a compliance culture will then be a function of data protection maturity throughout the organisation.
To enable the operational compliance framework to work effectively within the organisation, different roles and responsibilities should be assigned to the various stakeholders.
For easy reference, these are divided into 6 layers:
- Layer 1: represents the internal governance structure with key data protection stakeholders across the organisation: the various senior management committees where data protection concerns will be reviewed and advised upon, the DPO, and the Departmental Data Protection Champions. The key responsibilities of individuals across the organisation to successfully operate, monitor and ensure adherence to the data protection processes should be clearly defined and communicated.
- Layer 2: represents the overarching Personal Data Protection Policy and the supporting policies governing data protection across the organisation. The Personal Data Protection Policy sets out the personal data protection principles and the obligations of the organisation concerning the protection of personal data. Supporting policies should be developed, including, among others, the Personal Data Retention Policy, the Information Technology Framework, the Breach Management Procedure, etc.
- Layer 3: represents the data protection processes, which are to be operated, monitored and adhered to across the organisation. These could include processes related to the management of data subject rights requests, the coordination and reporting of breaches, the maintenance of the Records of Processing Activities, etc. Additionally, key procedures and guidelines could be developed to support the key processes, setting out a step-by-step process.
- Layer 5: represents the Data Protection tools and artefacts. Tools may be required to manage data protection processes (e.g. a breach management log to track the handling of breaches).
- Layer 6: represents a GDPR compliance tool that assists the organisation in maintaining compliance with the GDPR and facilitates collaboration between the various functions, such as departmental heads, the DPO, IT, Risk Management, Legal and Compliance.
To sum up, the key elements of compliance with privacy laws and regulations go beyond the traditional measures, such as a designated DPO and written policies and procedures. The involvement of management and the board is crucial, especially for decision making, monitoring and enforcement, and effective lines of communication between management and the departments should be established.
Contact me at anna.papaonisiforou@cy.gt.com or at +35722600000 to guide you through your privacy operational compliance journey, or read more about our digital risk services.