Grant Thornton can help you when you need advice on data protection related matters.

In Grant Thornton, the data protection advisory team includes data protection specialists with international data protection certificates, lawyers and IT specialists.

Also, Grant Thornton has local data protection experts in Estonia, Latvia and Lithuania where our specialists speak the local language and have expertise in local data protection legislation.

Data mapping

Document data processes as visual data flow charts or records of processing activities.

Records of processing activities (ROPA)

GDPR requires all data processors to document and record their data processing activities. Grant Thornton maps data processes and using proprietary model puts together a ROPA.

Ensuring compliance of documents and processes

Making sure various processes and documents are compliant with the data protection requirements, including:

  • Privacy policy published on the company’s website to informing people of data processing activities of the company to ensure compliance with the GDPR transparency principle.
    • The privacy policy will include, when appropriate, cookie policy.
  • Data protection policy that includes:
    • Explanation to employees how their employer processes their data
    • Establishing client data processing rules
    • How to respond to data subject access requests
    • Data breach policy
  • Ensuring compliance of processor or/and joint-controller contracts with the requirements of GDPR.
Article 5 steps to company's GDPR compliance Read more