Compliance at Grant Thornton
At Grant Thornton, we store extensive information and data concerning both clients and employees.
It has always been essential to us that both clients and employees feel secure when entrusting data to us. We actively work to comply with professional best practices as well as applicable legislation.
Grant Thornton’s Data Ethics Policy
Fairness and Reasonableness
We are committed to doing what is right and to handling personal data only in ways that clients and employees can reasonably expect. We do not use personal data in ways that result in unjustified negative consequences.
Grant Thornton is committed to continuously assessing whether the use of personal information can be justified and whether processing is compatible with what can be expected in a free and democratic society and in accordance with human rights principles.
Transparency
We ensure transparency for clients, employees, and business partners in the collection, use, and storage of data. This ensures that relevant parties are well informed about how their data is used and protected, enabling them to make informed decisions regarding their personal information.
This includes clear communication about:
- The purpose of data collection
- The types of data collected
- How data is processed
- Who data is shared with
- How long data is retained
Data Security
To maintain high ethical standards in data handling, we ensure that appropriate technical and organisational security measures are implemented to prevent accidental or unlawful destruction, accidental loss, alteration, and unauthorised disclosure of or access to data.
Based on our objectives, we have implemented a data ethics policy supported by defined workflows and internal controls.
Legally, we are required as a company to establish and implement processes describing how we work with data ethics. This aligns closely with our fundamental position that we operate ethically and responsibly.
At Grant Thornton, we define data ethics as doing what is right for people and society.
IT Security and IT Governance
IT security is critical to our ability to operate our business and safeguard our data. We operate according to the principles of:
- Confidentiality
- Data integrity
- Availability
Our controls are aligned with relevant control objectives based on ISO 27001/27002. We are also subject to compliance requirements from Grant Thornton International concerning both organisational and technical controls.
We undergo continuous internal and external audits and consistently enhance our IT security framework.
In specific situations, clients and business partners may be informed about our security setup. This is done strictly in a manner that preserves the confidentiality of other clients’ data. Certain information is not disclosed externally; however, we may confirm specific matters in writing where appropriate.
Access to information regarding Grant Thornton’s IT security is granted by agreement with the company’s CIO and the responsible partner.
GDPR at Grant Thornton
At Grant Thornton, data protection is a core value. We are committed to safeguarding your personal data and recognise that transparency is fundamental to building trust.
We protect your privacy and ensure that your personal data remains confidential and secure. Our commitment is to uphold the highest standards of compliance and security in the processing of personal data.
We achieve this by complying with the EU General Data Protection Regulation (GDPR) and the Danish Data Protection Act. Additionally, we closely monitor rules, guidance, and relevant decisions issued by the Danish Data Protection Agency to ensure that your data is handled in accordance with legal requirements.
We prioritise the implementation of effective security measures. Our systems are protected by both technical and physical safeguards, which are continuously monitored to prevent unauthorised access, breaches, or misuse of personal data.
We are committed to continuous improvement. We proactively review and update our procedures to stay ahead of potential risks and ensure ongoing protection of your personal data.
GDPR compliance is a high priority at Grant Thornton. We maintain transparency regarding our policies and measures that contribute to safeguarding your data. We have clear and precise policies governing the collection, processing, storage, and use of personal data.
Our Privacy Policy provides detailed information about how we process personal data, whether you are a job applicant, website visitor, or client.
Data Minimisation
Data minimisation is a key principle at Grant Thornton. We collect only the information necessary to deliver our services. Your data is used exclusively for the purposes described in our processing activities as outlined in our Privacy Policy and Cookie Policy. We do not engage in unnecessary data collection.
Sub-processors
Grant Thornton works with trusted sub-processors that support the delivery of our audit and advisory services. Our commitment to protecting your personal data extends to these sub-processors.
Our Privacy Policy, Cookie Policy, Transparency Report, and Whistleblower Policy provide further detail on how we process and protect data.