Organisations are now required to have in place systems and processes which secure the personal data held and protect the privacy of the individuals involved. The consequences of failure in terms of potential fines and reputational damage are potentially enormous.

This ever evolving privacy landscape has led to a significant increase in demand for the services offered by our Privacy and Data Protection team. Our dedicated team are made up of a combination of subject matter experts, technical specialists and legal professionals who can also draw upon the expertise of the Grant Thornton’s consulting team when necessary.

Our services

  • Data Protection Maturity Models: Our simple model gives a holistic view of data protection maturity across client organisation. It’s powerful tool for assessing data protection maturity, highlighting key risk areas, creating a roadmap, and presenting an executive summary view.
  • Data Protection as a Service (DPaaS): Data protection or data protection officer as a service is a key offering. We work with clients to help them meet their data protection challenges either by acting as their data protection officer or, where they have one in place, act as their data protection team. Clients can rest assured they are kept constantly up to date with the latest regulatory, legislative and technological changes.
  • Privacy Transformation: Privacy transformation involves large scale data protection projects where we assist clients to change or set up new fundamental data protection processes.


  • Data Protection Impact Assessment (DPIA): Data Protection Impact Assessment’s (DPIA’s) are required where clients’ personal data processes are assessed as high risk. We carry out an assessment of the processes used for managing and storing that data, identify the risks and recommend areas for action. Smaller organisations which do not require a full assessment can avail of a light version of the service.
  • Subject Rights Requests and Breach Management Services: We can design and run your whole processes or any part of them. From fulfilling requests and redaction through to engaging with the regulator on breaches, we cover the full breath of data protection capabilities.
  • Data Protection Training: From general computer based training to highly specific and tailored training delivered in an environment best suited to you. Our team designs and delivers data protection training for all levels within an organisation on many aspects of data protection.

Whether you are mandated to have a GDPR audit, require due diligence on a target, or simply wish to review existing structures to identify areas for efficiency and effectiveness, we have the solution for you.

Our methodologies have been developed with a host of contributors from both industry standards and clients. With the knowledge and expertise of our Grant Thornton International network to our local subject matter advisors, we can meet your needs in a cost efficient and practical manner.

Why Grant Thornton

Our Privacy and Data Protection services are constantly evolving to best suit our clients’ needs. Our diversified expertise allows us to uniquely meet specific requirements. For example, our Subject Rights Request service (where we locate, redact and share requested GDPR data requests) is complemented by our use of leading edge technology from our eDiscovery practice. We strive to maximise our effectiveness and efficiency in a pragmatic and flexible manner with least impact to client business activities.