-
Audit of stand-alone annual accounts
At Grant Thornton Luxembourg, our team of experts is specialised in audits of stand-alone annual accounts.
-
Audit of consolidated annual accounts
Grant Thornton Luxembourg team of experts is specialised in providing audit services to a lot of multinational which have their administrative center located in Luxembourg for whom the consolidated annual accounts have to be audited.
-
Agreed-Upon Procedures Engagements
In the case of agreed-upon procedures engagement, Grant Thornton Luxembourg performs procedures particularly requested by the client/bank and reports on the findings.
-
GDPR-CARPA Certification
Grant Thornton Audit and Assurance is accredited by the Commission Nationale pour la Protection des Données (CNPD) to provide GDPR-CARPA certifications for organisations.
-
Forensic Audit
Grant Thornton Luxembourg has the forensic and business skills to deal with the most complex situations. A multi-disciplinary team of dedicated accountants in consultation with lawyers, IT consultants, insurance experts, valuation specialists and actuaries may be engaged when necessary.
-
Supervisory Auditor (Commissaire)
Grant Thornton Luxembourg has a dedicated team of experts committed to deliver services to reserved to Supervisory Auditor or "Commissaire aux Comptes".
-
Liquidation Audit
Grant Thornton Luxembourg has a dedicated team of experts committed to deliver services to reserved to liquidation audit "Commissariat à la liquidation".
-
Assurance Engagements
Grant Thornton Luxembourg have a dedicated team of experts committed to work on audit and assurance special engagements.
-
IFRS Services
At Grant Thornton Luxembourg, our experts can help you navigate the complexity of International Financial Reporting Standards (IFRS).
-
Valuation
Grant Thornton Luxembourg helps clients evaluate and implement various strategic alternatives through our comprehensive suite of corporate value consulting services. From opinions, board solutions and services, to valuation and modeling, we can assist you with value added services throughout the transaction lifecycle.
-
Governance, Risk & Compliance
Grant Thornton Luxembourg offers comprehensive services in Governance, Risk & Compliance (GRC) tailored to meet the evolving needs of businesses in today's dynamic regulatory environment. Our commitment is to provide personalised guidance and global expertise, ensuring that your company establish robust internal controls and navigates governance challenges effectively.
-
Structuring & Modeling
Grant Thornton Luxembourg offers workable solutions to maximise your value and deliver sustainable growth. Transactions or reorganisations are significant events in the life of a business, so the stakes are high for both buyers and sellers.
-
Data Protection and Privacy
EU General Data Protection Regulation (GDPR) - The real challenge consists of remaining compliant with GDPR and in being able to prove this compliance (accountability principle). Grant Thornton Luxembourg can help you with a tailored phase approach.
-
Sustainability services and impact reporting
At Grant Thornton, we recognise the need of our clients to operate responsibly and to meet the high standards posed by the sector they operate. We offer pragmatic, tailor-made solutions to our clients and we assist them to make the required transitions towards the implementation of sustainable business practices.
-
Whistleblowing services
Since May 2023, the Whistleblower Law has become effective in Luxembourg. What does this mean for your business? Our experts can advise and help you to set-up internal reporting channels and to comply with the new law.
-
Alternative Investment Services
Grant Thornton Luxembourg is a bespoke business partner to established Alternative Investment Fund (“AIF”) Managers (“AIFM”) as well as independent Managers launching start-up Funds and seeking for a single entry point in Luxembourg in order to set-up and manage their Luxembourg domiciled Funds.
-
Fund Administration
Fund Administration - Grant Thornton Luxembourg offers a full range of tailored solutions to our clients.
-
Registrar & Transfer Agency Services, Client Reporting
Grant Thornton Luxembourg provides investors with confirmations, final Contract Notes and regular statements upon finalisation of the Fund’s Net Asset Value, We handle all wire payments and transfers, including the processing of distribution dividend payments, and perform in-depth Anti-Money Laundering Counter Terrorism Financing and Know-Your Client due diligence checks on investors.
-
Fund set-up, Launch & Corporate life
High-quality product structuring and legal services have become a crucial tool enabling industry players to get through the major changes impacting their business development, strategy and organisation as a whole. Our Investment Management practice at Grant Thornton Luxembourg is your one-stop place for expert advice combining pragmatism and a unique in-depth knowledge of the Luxembourg market.
-
AML Compliance Services
Grant Thornton Luxembourg helps its Clients to keep compliant with AML-CTF laws and regulations and provide an expert skilled team.
-
Regulatory Reporting Delivery
Grant Thornton Luxembourg has set up a Business Process Outsourcing Solution that manages and mutualises regulatory expertise, reporting solutions and skilled human resources
-
Legal Support & Corporate Services
Grant Thornton Luxembourg delivers Legal Support & Corporate services.
-
Accounting & Reporting Services
Grant Thornton Luxembourg may explore the specific characteristics of your company in order to provide a personalised assistance in the fields of Accounting & Reporting services.
-
Corporate Tax Compliance
Grant Thornton Luxembourg may explore the specific characteristics of your company in order to provide a personalised assistance in the fields of corporate tax compliance.
-
Direct Corporate Tax Advice
Grant Thornton Luxembourg understand the complexity of national and international tax laws. We can unlock your potential for local and international growth.
-
VAT and Other Indirect Tax Compliance
Handling the day-to-day VAT compliance obligations requires being close to your business. Our VAT compliance business line assists you to ensure that long term reporting processes are implemented and respected with the aim of safeguarding a proper and timely VAT filing. This is important for achieving a VAT compliant environment and mitigating local VAT risks.
-
VAT and Other Indirect Tax Advice
Our VAT advisory business line is dedicated to keeping you up to date with amended VAT legislation and changes in the administrative practice in Luxembourg and worldwide with our Grant Thornton global VAT network. Specialists review and comment on new EU directives and the latest case law by the Court of Justice of the European Union in order to provide you with advice tailored to your specific needs.
-
Transaction & Reorganisation
Reorganisations - Transaction Planning - Tax Structuring - M&A. Companies strive to improve their market position with take-overs, mergers and demergers. Strategy and financial tactics are important elements in this respect. Grant Thornton tax specialists may intervene in all stages of the transaction.
-
Transfer Pricing
The laws surrounding transfer pricing are becoming ever more complex, as tax affairs of multinational companies are facing scrutiny from media, regulators and the public. Grant Thornton Luxembourg can help you manage your transfer pricing risks and find opportunities.
-
Tax - Financial Services & Operational Tax
Our Tax - Financial Services team provides tax advisory services relevant for the Financial Services Industries and Operational Tax assistance. This includes tax advice, automatic exchange of information (FATCA, CRS, DAC 6, DAC 7 and DAC 8), advisory and compliance assistance regarding the US Qualified Intermediary (QI) regime, assistance regarding withholding tax reclaims, investor tax reporting and tax structuring in the context of Islamic finance.
-
Personal Tax
Our experienced multilingual Personal Tax Team is keen to give you tailored solutions, optimise your situation and help you make decisions. We could assist you with: income tax returns, vat returns, tax assessments, contacts with the tax authorities and assistance by tax audit or tax litigation, tax matters advices, inheritance tax matters, international assignments and trainings.
-
Cross-Border Tax
Tax policies are constantly evolving and there are a number of complex changes on the horizon that could significantly affect your business. We can help you with practical advice such as VAT and direct tax.
-
Corporate Finance
Exploring the strategic options available to you as a business or shareholder, advising and project managing the chosen solution, Grant Thornton Luxembourg provide a truly integrated corporate finance offering. Merger & acquisition, buying a business, selling a business, transaction piloting,raising finance to support your business plans.Vendor due diligence, acquisition due diligence, reporting accountant work,operational due diligence, management assessment.
-
Expatriate Tax
Although international employment has become a standard practice in business life, employers and their assignees are still faced with numerous questions in this area. Grant Thornton Luxembourg can help you to be one step ahead.
-
Set-up, Restructuring & Business Planning
Grant Thornton Luxembourg is delighted to add value during the implementation of your businesses and to be given the opportunity to grow together with you. Relying on our professionals’ financial expertise will allow you to take dynamic but sustainable decisions.
-
Corporate Secretarial Services
Grant Thornton Luxembourg provides corporate secretarial services to enable our clients to comply with their legal and administrative obligations in Luxembourg.
-
Liquidation & Insolvency
Grant Thornton Luxembourg can draw on years of experience in the areas of liquidation and insolvency and then make sensible recommendations on how best to deal with your financial crisis.
-
Human Resources Management & Payroll
Grant Thornton Luxembourg has been delivering since 1987 Payroll and Human Resources services to private and institutional clients. A team of highly qualified collaborators manages around 7 000 payslips per month and offers related consulting services.
-
Information Security
Grant Thornton Luxembourg offers Information Security services with a strong security expertise to avoid data breaches. We also have dedicated resources for all your cybersecurity challenges.
-
MySmartOffice
Grant Thornton Luxembourg offers a new complete online accounting and consulting solution for SMEs named MySmartOffice to access financial and operational information instantly online.
Implement the GDPR - how to get started
04 Feb 2020Knowing how to implement the requirements of the GDPR may appear unclear, as many firms have not done it to date, and struggle to figure out where to start. Since Grant Thornton has supported a number of firms implement the regulation in multiple sectors, this article describes a series of pragmatic guidelines on implementing the GDPR. This approach is equally relevant in a large multinational and a small SME.
How does it work?
We typically start GDPR implementation by performing an impact analysis. To do so we use a tool that comprises various lists of questions that are designed to assess the firm’s business and IT contexts and consider which GDPR requirements apply most to the firm.
The answers to questions put forward enables us to rapidly identify gaps, generating an overall picture on the current state of the firm’s organisational and information security measures in place to manage personal data protection. Captions below show snapshots of the gap analysis outcome for a firm that was assessed as having strong information security measures that exceed targets, but lack robust organisational measures.
We then use the results of this impact analysis to define an implementation roadmap. Based on our experience, when implemented, this roadmap should at the minima address the following requirements.
Requirement 1: Be transparent on the personal data that the firm processes
The GDPR requires firms to be transparent on the way they process personal data. Personal data can be as simple as an individual’s name, or any other identifier that can be used to spot them. The firm is obliged to inform these individuals accordingly about the rights they have on their personal data, including consultation, correction, and limiting its transfer or deletion. These rights are designed to give back control to individuals on how their personal data is processed.
Communication to individuals on processed personal data and related rights is usually made at the time that the firm receives personal data from individuals. For employees this can be conveyed in their employment contract. It is also a common practice to make this communication publically available on the firm’s website.
Requirement 2: Keep a register of the processes in place within the firm that involve personal data
The GDPR requires firms to ensure that they collect personal data for a specific purpose. This data should be kept up to date and stored for no longer than permitted based upon a pre-determined commercial purpose or because the law requires it.
To fulfil these duties, we strongly encourage firms to put in place a register of all processes that involve personal data. This register provides a snapshot of all types of personal data processing activities administered by the firm, which often pertain to marketing, provision of services and legal obligations.
This register can effectively be built and maintained using Microsoft Office in simple structures, and can be reinforced with workflows that outline how personal data flows, to better visualise personal data processing activities.
Requirement 3: Sign data protection clauses with the firm’s service providers
The GDPR requires firms to keep a solid handle on the personal data it processes and act responsibly at all times, even if it outsources some processes to third parties. This can occur when firms decide to house their personal data in data centres managed by third parties, or appoint specialist external payroll service providers to administer salaries and benefits.
A firm can leverage on the register of personal data processes described above to identify third parties with which it shares personal data, and sign data protection clauses with them. Such clauses must outline how personal data is handled and provide assurance to the firm that third parties have adequate organisational and information security measures in place to guarantee that they process the firm’s personal data in compliance with the regulation.
Should the involvement of a third party lead to the firm’s personal data being transferred to countries outside of the European Economic Area that do not offer levels of protection considered equivalent by the European Commission, we advocate defining additional contractual measures that provide assurance on the way the third party will process the firm’s personal data.
Requirement 4: Establish efficient organisational measures to address a data breach occurring within a firm
It can, and it often happens that personal data is breached. A breach of personal data can be something as simple as sending a mail containing personal data to a recipient who is not supposed to become aware of this personal data. It can also be a case of having an electronic file corrupted that the firm is unable to restore. It may also be a case of having one’s identity stolen such as when an employee’s inbox is hacked.
Identification of a data breach can be detected by a tool, but more often is notified by individuals. Therefore, the firm needs to raise awareness amongst staff to explain what events can be considered as a personal data breach so that they are rapidly escalated to the person in charge of personal data protection as described below. This person is best placed to assess whether the event constitutes a personal data breach and is worthy of being notified to the CNPD. Irrespective of whether the CNPD or the concerned person is informed, a log of all incidents needs to be kept at the firm. If the event is considered a personal data breach, then in parallel, measures need to be taken to limit any potential risk. We encourage firms to have an action plan in place for decision makers at the firm to know which steps need to be taken to rapidly address the breach.
Requirement 5: Have one person in charge of data protection
Because the implementation of the GDPR is a continuous project, we strongly advocate to have one person in the firm that oversees it is adhered to.
This person has several duties that include raising awareness on the regulation via trainings or e-learning sessions, and being a source of advice to the business.
Advice can encompass respecting the GDPR when implementing digitalisation projects that often involve the processing of personal data. It can also extend to overseeing the data protection implications in marketing campaigns. In this instance, this person should guide the marketing team on how to ensure promotional content is only shared with clients that have given their consent, and are provided with the ability to unsubscribe at any point in time.
When firms proceed to practice the requirements outlined above, the foundations of the GDPR are set. The impact analysis and the requirements that follow, enable the firm to have a proportionate and practical mechanism in place to achieve GDPR compliance. By following a pragmatic approach, firms inspire confidence to relevant stakeholders that their personal data processes are carried out in a structured and responsible manner.
Contact:
Meet our experts Lionel Gendarme, Advisory Partner at Grant Thornton Luxembourg, and Shariq Arif, Advisory Manager at Grant Thornton Luxembourg, and learn how to implement the requirements of the GDPR.
