-
Business Consulting
Our Consulting team guarantees quick turnarounds, lower partner-to-staff ratio than most and superior results delivered on a range of services.
-
Business Risk Services
Our Business Risk Services team deliver practical and pragmatic solutions that support clients in growing and protecting the inherent value of their businesses.
-
Corporate Finance
Our experienced Corporate Finance team has provided a range of transaction, valuation, deal advisory and restructuring services to clients for the past two decades.
-
Digital Risk
Our Digital Risk team offer advisory and consulting solutions that give our clients peace of mind, clear value for money and an enhanced ability to react to cyber attacks.
-
Digital Transformation
Our Digital Transformation team work with business leaders to deliver efficient digital strategies and operating models that provide new or enhanced capabilities.
-
Forensic and Investigation Services
Our Forensic and Investigation Services team have targeted solutions to solve difficult challenges - making the difference between finding the truth or being left in the dark.
-
Objectives and Key Results (OKRs)
Objectives and Key Results (OKRs) is a goal setting framework that helps teams, individuals and organisations set and track measurable goals.
-
People and Change Consulting
Our People & Change Consulting team help clients adapt to the changing nature of the workforce - how they attract, retain, engage, develop, deploy and lead their people.
-
Restructuring
Grant Thornton is Ireland’s leading provider of insolvency and corporate recovery solutions.
-
Outsourced Payroll
Our outsourced payroll teams become your dedicated payroll department, aiming to process your payroll in the most cost effective and compliant manner.
-
Outsourcing
Grant Thornton's reliable and cost-effective outsourcing services help you streamline your business operations by taking care of your workload.
-
Audit and Accounting Advisory
Our Audit and Accounting Advisory team takes the headache out of multi-jurisdictional audit compliance requirements as well as technical compliance with accounting standards and legislation for clients.
-
Business Process Outsourcing
Grant Thornton’s Business Process Outsourcing (BPO) team serves the needs of rapidly growing mid-tier multinationals operating out of Ireland and other hubs through the provision of services across the full range of finance functions.
-
Flexible People Solutions
At Grant Thornton, our Financial Accounting and Advisory Services (FAAS) department have a dedicated team that help finance functions maximise efficiency.
-
Global Compliance & Reporting Solutions
Our Global Compliance & Reporting Solutions service offering covers a full suite of compliance services including financial statement preparation and related filings, dual bookkeeping, direct and indirect tax, statistical returns and payroll.
-
Global Payroll Solutions
At Grant Thornton, we meet the challenges of our clients. Our Global payroll compliance service offering is tailored to meet all your payroll requirements through a single point of contact.
-
Grant Thornton Financial Counselling
Grant Thornton Financial Counselling (GTFC) comprises a team of highly qualified professionals who offer financial advice to individuals and corporates across a range of areas including savings, investments, pension planning, and inheritance and succession planning.
-
Inheritance Planning
Our services on Inheritance Planning mirror those on Succession Planning whereby the foundations of the plan are derived from meaningful conversations with those that wish to pass on or protect their asset base.
-
Personal Tax Compliance & Planning
The Grant Thornton Personal Tax team helps clients remain compliant and up to date with all of their tax obligations whilst ensuring that they are solutions driven and manage their finances in the most tax efficient way possible.
-
Succession Planning
We have extensive experience guiding our clients successfully through the succession process. This involves advice on both the qualitative and quantitative aspects of the process. While there is a business at the core of each succession plan we advise on, it is all predicated on understanding the people and their respective wishes.
-
Company Secretarial
Grant Thornton’s Company Secretarial team contains qualified Company Secretaries. Clients are assured that they will meet all of their obligations under the Companies Acts and other relevant legislation and regulations.
-
Corporation Tax
Our Corporation Tax team is made up of more than 40 highly experienced senior partners and directors who work directly with a wide range of domestic, international, and financial services clients. We place a strong emphasis on direct service to clients and we pride ourselves on the close personal relationships we build and the deep understanding of their businesses we develop
-
Employer Solutions
Attracting and retaining key talent, managing employment costs and ensuring compliance with complex tax rules presents one of the most serious challenges today for many businesses. You need to ensure that your business complies with increasingly complex tax legislation and can adapt to updated Revenue guidance in a cost-effective way and we are here to help.
-
Financial Services Tax
The Grant Thornton team is made up of experts who are fully up to date in terms of changing and evolving tax legislation. This is combined with industry expertise and an in-depth knowledge of the evolving financial services regulatory landscape.
-
Global Mobility Services
Grant Thornton Ireland offer a different approach to managing global mobility. We have brought together specialists from our tax, global payroll, people and change and financial accounting teams across Ireland and Northern Ireland, while drawing on the knowledge and insights of our global network of over 143 offices of mobility professionals to provide you with a holistic approach to managing global mobility.
-
International Tax
We develop close relationships with clients in order to gain a deep understanding of their businesses to ensure they make the right operational decisions. The wrong decision on how a company sells into a new market or establishes a new subsidiary can have major tax implications.
-
Tax Advisory
The Grant Thornton Tax Advisory team blends commercial experience and knowledge with tax expertise to advise clients on the full range of transactions including sales, mergers, restructurings and succession planning.
-
Tax Incentives
Our Tax Incentives team help clients access vital cash funding and tax incentives to enable them to achieve their growth ambition.
-
VAT
Grant Thornton’s team of indirect tax specialists helps a range of clients across a variety of sectors including pharmaceuticals, financial services, construction and property and food to navigate these complexities.
-
Real Estate Tax Advisory
The Irish real estate market has experienced considerable change in recent years. This has resulted in the emergence of a number of challenges for investors, but has also brought about significant opportunities. With this in mind, taxation is now more than ever one of the key factors for real estate investors when appraising investments, financing methods and development structuring.
The General Data Protection Regulation (GDPR) came into effect on 25th of May 2018. If your non-profit organisation has directors, employees, grantors, donors or a means of marketing, you are most definitely subject to the requirements of the GDPR. Compliance with GDPR is not only important in terms of respecting data subject’s rights, or to avoid fines up to €20 million or 4% of the organisation’s annual turnover but also to maintain the trust of donors, stakeholders and those to whom you provide a service.
The impacts of GDPR for non-profit organisations relate primarily to data held about your service users; your donors; and your staff or volunteers. Each of these groups have different privacy requirements and must be accommodated in your data handling processes and data protection measures.
Service users that your organisation works with may include children, vulnerable adults or individuals in a time of some need. The personal data you collect about these service users – depending on the services you provide – may include sensitive personal information (now known as special categories of data under GDPR). These special categories of data extend beyond traditional personal data elements such as name, address, phone number, etc., and include information which could potentially be used to discriminate against someone, such as their ethnicity, racial origin, medical history, disability status, sexual preference, or criminal history and so forth. Often this information is a vital part of the services you provide, or the use of your services may heavily imply such information about an individual.
Donors are key to most not-for-profit organisations. In order to maintain their trust and support, good data protection practices are required. In particular, you must determine how you contact donors and the lawful basis for doing so. GDPR and the ePrivacy Directive allow for donor contacts with their consent, or as a legitimate interest where the data subjects have previously donated and supported your organisation. Documentation of this lawful basis is a key part of maintaining compliance. You must also avoid sharing personal data without the appropriate controls.
The personal data of your volunteers and staff must similarly be protected and safeguarded, in particular as relates to their own special categories of data. Volunteers and staff must be trained in data protection measures, in particular as relates to data breach management; subject rights’ requests.
In the wake of significant privacy misunderstandings, such as the removal of rubbish bins from a prominent public sector body, and the removal of visitor books from public attractions, it is worth noting at this stage that data protection requirements can be over-zealously implemented. The important thing is to consider the risks to the individuals whose data is being processed.
ICO fines Non-Profits
152 data security incidents were reported to the UK’s Information Commissioner’s Officer in the year to March 2018. A third of such incidents were reported in the first three months of 2018. Between 2016 and April 2017, the ICO fined eleven charities, including Cancer Research UK and Great Ormond’s Street Hospital Children’s Charity. Most notably, the British and Foreign Bible Society has been fined £100,000 for putting personal data in jeopardy and potentially revealing the religious identity of its donors. Hackers accessed the personal data 417,000 of its donors. The ICO stressed, although the charity had been victim of a criminal attack, it failed to take appropriate and organisational steps to protect its supporters’ personal data.[1]
It is clear that non-profit organisations are not exempt from GDPR. Due to the types of data charities often possess from data subjects (credit card details, health data, political preferences, data relating to minors, recipients of benefits etc.) it is extremely important that organisations get to grips with the terms of GDPR on all levels. To assist with an improvement in compliance in non-profit organisations, the ICO has published a report carried out on eight charities to identify areas of good practice in terms of data protection and areas which need improvement.
The Wheel, Ireland’s national association of community, voluntary and charitable organisations also published a report in order to assist Irish non-profits in preparing for GDPR.
Consent
Consent remains only one of the possible lawful bases that can apply to processing data under the GDPR. Consent receives a disproportionate amount of attention given the changes from how consent was previously understood. The GDPR now makes clear a number of requirements for consent to be truly voluntary and not assumed by an organisation when it suits them.
- consent must consist of a clear affirmative action, e.g. ticking a box, ‘opting in’. Inactivity or silence is not enough, nor pre-ticked boxes;
- implied consent is no longer sufficient to demonstrate a legal basis for processing, however, consent through a course of conduct remains valid, e.g. a continuous donation via standing order/direct debit, until such time as the consent has been withdrawn;
- explicit consent is required for processing special categories of data. E.g. ticking a box, ‘opting in’; and
- you will also need a process to record consent, document it and manage requests to withdraw consent.
Retrospective Consent
Organisations will have to verify the nature of the consent they have previously obtained for existing data processing activities. If these consents fail to meet the standards imposed by the GDPR, organisations will either have to request new consent or seek another legal basis for the processing of personal data as outlined above.
Consent and Minors
Many organisations support and work with children. With this, special considerations must be implemented to protect children’s personal data. The Irish Government has set the digital age of consent for a child at 13. GDPR sets it at 16. Therefore, organisations may have to seek consent from a parent or guardian. You need to be able to verify that person giving consent on behalf of a child is allowed to do so and any privacy statements will need to be written in language that children can understand.
The Irish DPC has given advice regarding donations to Charities by SMS:
- the use of the phone numbers of donors for further electronic contact or to be put on a marketing database, may take place only where the phone subscriber concerned has actively opted in, to such use of their phone number in the knowledge that it will be used to contact them for direct debit and /or marketing/promotional purposes;
- it is not acceptable or lawful for a charity to place a donor's phone number on a marketing database, solely on the basis that the phone subscriber concerned made a donation to the charity using the SMS method; and
- the charity must have unambiguous (fully informed and voluntary) consent to send marketing or promotional messages or to make marketing or promotional phone calls to mobile phone numbers. ‘Opted-in’, phone subscribers must also be given the opportunity to ‘opt-out’ of marketing in each marketing communication which is subsequently sent to them.
Direct Marketing
Direct Marketing is a form of advertising which allows organisations to target individuals directly through a variety of media. Unlike mass advertising (television ads/radio etc.) which is presented to everyone, direct marketing is presented only to people who are suspected to have an interest or a need for an organisations’ products or services based on the information gathered about them.
Like SMS donations, obtaining consent correctly is essential for organisations who wish to carry out direct marketing.
The Charities Institute of Ireland issue guidelines on how to handle consent in terms of direct marketing:
- databases need to record the most recent status of consent for personal data collected;
- once again, charities will also need to be able to demonstrate ‘unambiguous’ consent; and
- if the organisation uses more than one type of consent wording (e.g. for websites, face to face, in-bound call, etc.) it is recommended that an electronic file comprising indicative copies of all past and present consent statements is kept. These will help to meet the GDPR requirement for evidence of consent, in the form of:
- status of consent (e.g. opt-in);
- channel (e.g. for marketing emails); and
- the purpose of communications.
[1] https://www.civilsociety.co.uk/news/ico-fines-charity-100-000-following-cyber-attack.html
