The last decade has seen unprecedented regulatory demand for organisations to have systems and processes in place which secure any personal data held and to ensure the privacy of the individuals involved is respected. Failure to ensure privacy can lead to potential fines and serious reputational damage to the organisation.

The Grant Thornton Privacy and Data Protection team has witnessed a sizable increase in demand for solutions to the growing issues in the privacy landscape.

Our dedicated team of specialists includes subject matter experts, technical specialists and legal professionals.All of our specialists can also draw upon the global expertise of the Grant Thornton consulting team when required.

Our services

  • Data Protection Maturity Models: Our simple model gives a holistic view of data protection maturity across client organisation. It’s powerful tool for assessing data protection maturity, highlighting key risk areas, creating a roadmap, and presenting an executive summary view.
  • Data Protection as a Service (DPaaS): Data protection or data protection officer as a service is a key offering. We work with clients to help them meet their data protection challenges either by acting as their data protection officer or, where they have one in place, act as their data protection team. Clients can rest assured they are kept constantly up to date with the latest regulatory, legislative and technological changes.
  • Privacy Transformation: Privacy transformation involves large scale data protection projects where we assist clients to change or set up new fundamental data protection processes.


  • Data Protection Impact Assessment (DPIA): Data Protection Impact Assessment’s (DPIA’s) are required where clients’ personal data processes are assessed as high risk. We carry out an assessment of the processes used for managing and storing that data, identify the risks and recommend areas for action. Smaller organisations which do not require a full assessment can avail of a light version of the service.
  • Subject Rights Requests and Breach Management Services: We can design and run your whole processes or any part of them. From fulfilling requests and redaction through to engaging with the regulator on breaches, we cover the full breath of data protection capabilities.
  • Data Protection Training: From general computer based training to highly specific and tailored training delivered in an environment best suited to you. Our team designs and delivers data protection training for all levels within an organisation on many aspects of data protection.

Whether you are mandated to have a GDPR audit, require due diligence on a target, or simply wish to review existing structures to identify areas for efficiency and effectiveness, we have the solution for you.

Our methodologies have been developed with a host of contributors from both industry standards and clients. With the knowledge and expertise of our Grant Thornton International network to our local subject matter advisors, we can meet your needs in a cost efficient and practical manner.

Why Grant Thornton

Here at Grant Thornton, our Privacy and Data Protection service offering is always evolving and transforming to best serve the needs of our clients, with our diversified expertise enabling us to tailor solutions to meet the client’s specific requirements.

For example, our Subject Rights Request service (where we can locate, redact and share GDPR data requests) takes advantage of the leading-edge technology utilised by our eDiscovery practice, thereby building synergies enabling us to maximise our effectiveness and efficiency flexibly, while minimising any impact on client business activities.