Services
Our Grant Thornton Luxembourg team can provide you with a full range of audit and assurance services including audit of stand-alone annual accounts, audit of...
-
Audit of stand-alone annual accounts
At Grant Thornton Luxembourg, our team of experts is specialised in audits of stand-alone annual accounts.
-
Audit of consolidated annual accounts
Grant Thornton Luxembourg team of experts is specialised in providing audit services to a lot of multinational which have their administrative center located in Luxembourg for whom the consolidated annual accounts have to be audited.
-
Agreed-Upon Procedures Engagements
In the case of agreed-upon procedures engagement, Grant Thornton Luxembourg performs procedures particularly requested by the client/bank and reports on the findings.
-
GDPR-CARPA Certification
Grant Thornton Audit and Assurance is accredited by the Commission Nationale pour la Protection des Données (CNPD) to provide GDPR-CARPA certifications for organisations.
-
Forensic Audit
Grant Thornton Luxembourg has the forensic and business skills to deal with the most complex situations. A multi-disciplinary team of dedicated accountants in consultation with lawyers, IT consultants, insurance experts, valuation specialists and actuaries may be engaged when necessary.
-
Supervisory Auditor (Commissaire)
Grant Thornton Luxembourg has a dedicated team of experts committed to deliver services to reserved to Supervisory Auditor or "Commissaire aux Comptes".
-
Liquidation Audit
Grant Thornton Luxembourg has a dedicated team of experts committed to deliver services to reserved to liquidation audit "Commissariat à la liquidation".
-
Assurance Engagements
Grant Thornton Luxembourg have a dedicated team of experts committed to work on audit and assurance special engagements.
-
IFRS Services
At Grant Thornton Luxembourg, our experts can help you navigate the complexity of International Financial Reporting Standards (IFRS).
-
Valuation
Grant Thornton Luxembourg helps clients evaluate and implement various strategic alternatives through our comprehensive suite of corporate value consulting services. From opinions, board solutions and services, to valuation and modeling, we can assist you with value added services throughout the transaction lifecycle.
As your business grows, our business advisory services are designed to help you achieve your goals. Successful growth often means navigating a complex array of...
-
Governance, Risk & Compliance
Grant Thornton Luxembourg offers comprehensive services in Governance, Risk & Compliance (GRC) tailored to meet the evolving needs of businesses in today's dynamic regulatory environment. Our commitment is to provide personalised guidance and global expertise, ensuring that your company establish robust internal controls and navigates governance challenges effectively.
-
Structuring & Modeling
Grant Thornton Luxembourg offers workable solutions to maximise your value and deliver sustainable growth. Transactions or reorganisations are significant events in the life of a business, so the stakes are high for both buyers and sellers.
-
Data Protection and Privacy
EU General Data Protection Regulation (GDPR) - The real challenge consists of remaining compliant with GDPR and in being able to prove this compliance (accountability principle). Grant Thornton Luxembourg can help you with a tailored phase approach.
-
Sustainability services and impact reporting
At Grant Thornton, we recognise the need of our clients to operate responsibly and to meet the high standards posed by the sector they operate. We offer pragmatic, tailor-made solutions to our clients and we assist them to make the required transitions towards the implementation of sustainable business practices.
-
Whistleblowing services
Since May 2023, the Whistleblower Law has become effective in Luxembourg. What does this mean for your business? Our experts can advise and help you to set-up internal reporting channels and to comply with the new law.
In an industry that is constantly facing challenges both from the operational, legal, financial and regulatory perspectives, Grant Thornton Luxembourg is...
-
Alternative Investment Services
Grant Thornton Luxembourg is a bespoke business partner to established Alternative Investment Fund (“AIF”) Managers (“AIFM”) as well as independent Managers launching start-up Funds and seeking for a single entry point in Luxembourg in order to set-up and manage their Luxembourg domiciled Funds.
-
Fund Administration
Fund Administration - Grant Thornton Luxembourg offers a full range of tailored solutions to our clients.
-
Registrar & Transfer Agency Services, Client Reporting
Grant Thornton Luxembourg provides investors with confirmations, final Contract Notes and regular statements upon finalisation of the Fund’s Net Asset Value, We handle all wire payments and transfers, including the processing of distribution dividend payments, and perform in-depth Anti-Money Laundering Counter Terrorism Financing and Know-Your Client due diligence checks on investors.
-
Fund set-up, Launch & Corporate life
High-quality product structuring and legal services have become a crucial tool enabling industry players to get through the major changes impacting their business development, strategy and organisation as a whole. Our Investment Management practice at Grant Thornton Luxembourg is your one-stop place for expert advice combining pragmatism and a unique in-depth knowledge of the Luxembourg market.
-
AML Compliance Services
Grant Thornton Luxembourg helps its Clients to keep compliant with AML-CTF laws and regulations and provide an expert skilled team.
-
Regulatory Reporting Delivery
Grant Thornton Luxembourg has set up a Business Process Outsourcing Solution that manages and mutualises regulatory expertise, reporting solutions and skilled human resources
-
Legal Support & Corporate Services
Grant Thornton Luxembourg delivers Legal Support & Corporate services.
Grant Thornton Luxembourg has been delivering local and international direct and indirect (VAT) tax, payroll, transfer pricing, corporate finance, reporting,...
-
Accounting & Reporting Services
Grant Thornton Luxembourg may explore the specific characteristics of your company in order to provide a personalised assistance in the fields of Accounting & Reporting services.
-
Corporate Tax Compliance
Grant Thornton Luxembourg may explore the specific characteristics of your company in order to provide a personalised assistance in the fields of corporate tax compliance.
-
Direct Corporate Tax Advice
Grant Thornton Luxembourg understand the complexity of national and international tax laws. We can unlock your potential for local and international growth.
-
VAT and Other Indirect Tax Compliance
Handling the day-to-day VAT compliance obligations requires being close to your business. Our VAT compliance business line assists you to ensure that long term reporting processes are implemented and respected with the aim of safeguarding a proper and timely VAT filing. This is important for achieving a VAT compliant environment and mitigating local VAT risks.
-
VAT and Other Indirect Tax Advice
Our VAT advisory business line is dedicated to keeping you up to date with amended VAT legislation and changes in the administrative practice in Luxembourg and worldwide with our Grant Thornton global VAT network. Specialists review and comment on new EU directives and the latest case law by the Court of Justice of the European Union in order to provide you with advice tailored to your specific needs.
-
Transaction & Reorganisation
Reorganisations - Transaction Planning - Tax Structuring - M&A. Companies strive to improve their market position with take-overs, mergers and demergers. Strategy and financial tactics are important elements in this respect. Grant Thornton tax specialists may intervene in all stages of the transaction.
-
Transfer Pricing
The laws surrounding transfer pricing are becoming ever more complex, as tax affairs of multinational companies are facing scrutiny from media, regulators and the public. Grant Thornton Luxembourg can help you manage your transfer pricing risks and find opportunities.
-
Tax - Financial Services & Operational Tax
Our Tax - Financial Services team provides tax advisory services relevant for the Financial Services Industries and Operational Tax assistance. This includes tax advice, automatic exchange of information (FATCA, CRS, DAC 6, DAC 7 and DAC 8), advisory and compliance assistance regarding the US Qualified Intermediary (QI) regime, assistance regarding withholding tax reclaims, investor tax reporting and tax structuring in the context of Islamic finance.
-
Personal Tax
Our experienced multilingual Personal Tax Team is keen to give you tailored solutions, optimise your situation and help you make decisions. We could assist you with: income tax returns, vat returns, tax assessments, contacts with the tax authorities and assistance by tax audit or tax litigation, tax matters advices, inheritance tax matters, international assignments and trainings.
-
Cross-Border Tax
Tax policies are constantly evolving and there are a number of complex changes on the horizon that could significantly affect your business. We can help you with practical advice such as VAT and direct tax.
-
Corporate Finance
Exploring the strategic options available to you as a business or shareholder, advising and project managing the chosen solution, Grant Thornton Luxembourg provide a truly integrated corporate finance offering. Merger & acquisition, buying a business, selling a business, transaction piloting,raising finance to support your business plans.Vendor due diligence, acquisition due diligence, reporting accountant work,operational due diligence, management assessment.
-
Expatriate Tax
Although international employment has become a standard practice in business life, employers and their assignees are still faced with numerous questions in this area. Grant Thornton Luxembourg can help you to be one step ahead.
-
Set-up, Restructuring & Business Planning
Grant Thornton Luxembourg is delighted to add value during the implementation of your businesses and to be given the opportunity to grow together with you. Relying on our professionals’ financial expertise will allow you to take dynamic but sustainable decisions.
-
Corporate Secretarial Services
Grant Thornton Luxembourg provides corporate secretarial services to enable our clients to comply with their legal and administrative obligations in Luxembourg.
-
Liquidation & Insolvency
Grant Thornton Luxembourg can draw on years of experience in the areas of liquidation and insolvency and then make sensible recommendations on how best to deal with your financial crisis.
-
Human Resources Management & Payroll
Grant Thornton Luxembourg has been delivering since 1987 Payroll and Human Resources services to private and institutional clients. A team of highly qualified collaborators manages around 7 000 payslips per month and offers related consulting services.
Our Technology team comprises experienced professionals with expertise in various security domains, including information security strategy, third party risk...
-
Information Security
Grant Thornton Luxembourg offers Information Security services with a strong security expertise to avoid data breaches. We also have dedicated resources for all your cybersecurity challenges.
At Grant Thornton Luxembourg we provide the expertise and support that the asset management industry needs to thrive in today’s evolving market.
Grant Thornton Luxembourg offers dedicated services to banks in Luxembourg including: lifecycle of legal entities, governance improvement and transformation...
Grant Thornton Luxembourg is dedicated to provide services to consumer products companies.
Grant Thornton Luxembourg is committed to becoming an eco-friendly participant by supporting companies investing in the use of natural resources and in the...
The Grant Thornton EU Institutions Desk’s knowledge of public sector combined with Grant Thornton local and global network reach is helping to develop the...
International mobility - Expatriates' desk from Grant Thornton Luxembourg can provide organisations, HR departments and individuals with a follow-up to help...
We can help all types of healthcare clients, including hospitals, nurseries, pharmaceutical laboratories, foundations and personal assistance organisations to...
Grant Thornton Technology Hub stems from the ambition to complement the current consulting offering for financial institutions with dedicated technology...
Grant Thornton Luxembourg is dedicated to providing a full range of services to liberal professions and freelancers.
Grant Thornton Luxembourg is dedicated to provide a full range of services to not for profit organisations and charities.
Grant Thornton Luxembourg is dedicated to support Professionals of the Financial Sector (investment companies, investment firm, specialised PFS) and create...
Grant Thornton Luxembourg is dedicated to providing a full range of services to Real Estate Investors in Luxembourg, valuations, structuring business,...
Grant Thornton Luxembourg is dedicated to providing a full range of services to SME and private-owned enterprises.
-
MySmartOffice
Grant Thornton Luxembourg offers a new complete online accounting and consulting solution for SMEs named MySmartOffice to access financial and operational information instantly online.
GDPR-CARPA Certification Process
About GDPR-CARPA
GDPR-CARPA stands for GDPR-Certified Assurance-Report based Processing Activities certification mechanism.
It is developed by the Commission Nationale pour la Protection des Données (the ‘CNPD’) in Luxembourg with the objective to provide the data controllers and/or data processors with a reasonable assurance that they have set up, implemented and that they are operating technical and organisational measures to comply with the GDPR for the processing activities in scope of the certification.
The GDPR-CARPA certification scheme is a voluntary process to assist controllers and/or processors in supporting their demonstration of compliance with the GDPR to other businesses, to a supervisory authority or to the data subjects, meaning that they demonstrated the existence and implementation of appropriate measures for the protection of personal data as required by the GDPR.
The assessment leading to the certification needs to be based on an assurance report that is to be executed according to the ISAE 3000 standard. The International Standard on Assurance Engagements (ISAE) has been developed by the International Auditing and Assurance Standards Board (IAASB) and deals with assurance engagements other than audits or reviews of historical financial information.
Grant Thornton Audit and Assurance as a certification body
Grant Thornton Audit and Assurance S.A., Luxembourg (“GTAA”) is accredited by the CNPD to be a certification body eligible to perform GDPR-CARPA certification assessments and issue GDPR certificates following the completion of an ISAE 3000 assurance engagements for the test of design and test of operational effectiveness.
GDPR-CARPA certification criteria
GTAA will perform the certification assessment against using the GDPR-CARPA criteria developed by the CNPD as a benchmark.
The CGPR-CARPA certification criteria as published by the supervisory authority could be consulted on the CNPD’s website.
Validity of the GDPR-CARPA certification
The initial GDPR certificate:
- Is valid for a period that equals the period covered by the ISAE 3000 assurance engagement (minimum 6 months, and maximum 1 year);
- Is valid from the date starting on the first day following the end of the period under review (Example: if the reviewed period was 1 January 2020 to 31 December 2020, the GDPR certificate is valid from 1 January 2021 through 31 December 2021)
A GDPR certificate could be renewed for up to 3 years, subject to:
- Every year (at the ISAE 3000 engagement anniversary) GTAA performs a new ISAE 3000 assurance engagement for the same scope of processing activities covered by the initial GDPR certificate;
- Each assurance audit ends up with a positive certification decision;
- Should any of the subsequent assurance audits from the maximum 3-year period end up with a negative decision, the GDPR certificate could be suspended, reduced, terminated or withdrawn.
Example: a GDPR certificate with a total validity of 3 years, period covered by the ISAE3000 assurance engagements is 12 months (starting 1 January).
Certification procedure
For more information on how the certification procedure is organised, please consult the following documents:
- Certification evaluation procedure
- Rules and procedure for granting, maintaining, extending or reducing the scope of certifications, as well as their suspension, withdrawal or refusal
- Procedures for handling complaints and appeals about infringements of the certification or the manner in which the certification has been, or is being, implemented by the controller or processor pursuant to Article 43(2) of the GDPR
- Description of the rights and duties of applicants and clients to the certification process, including requirements, restrictions or limitations on the use of the certification’s body’s name, and the CNPD’s certification mark and on the ways of referring to the certification granted
- A description of the means by which GTAA obtains financial support and general information on the fees charged to applicants and to clients
Directory of certified processing activities
Information on all GDPR-CARPA certifications issued by GTAA shall be made available in the directory of certified processing activities in the section below.
Executive summary of certification decision documentation for each certification decision made by GTAA shall be made available in the section below.
Disclaimer about the auditor’s responsibility
This GDPR-CARPA assurance engagement involves performing procedures to obtain evidence about the level of data protection compliance of the Client’s processing activities in scope. The evaluation procedures selected depend on the judgement of the practitioner, including the assessment of the risks of material misstatement of the processing operations.
Because of the test nature and other inherent limitations of the practitioner’s engagement, together with the inherent limitations of any control system, there is an unavoidable risk that even some material misstatements may remain undiscovered despite a reasonable conduct of the GDPR-CARPA assurance engagement and for which the practitioner may not be held liable in any circumstance.
The issued ISAE 3000 report and the GDPR-CARPA certification do not constitute assurance as to the future compliance of the Client with the applicable data protection laws after the period covered by the valid certification. The Practitioner is not liable for any loss or damage caused by, or arising from, any fraudulent acts, misrepresentation or willful default on the part of the Client, its managers, employees or agents.
Read more
Get in touch
Partner, Audit & Assurance
Hugues Wangen
AUDIT & ASSURANCE
Contact