Technology companies are most vulnerable
The annual global cost of cybercrime is estimated to hit US$6tn in 2021, up from US$3tn in 2015.(i) James Arthur, partner and head of cyber consulting at Grant Thornton UK, agrees. “Technology companies are particularly impacted.”
“It is important for technology companies to develop a digital risk strategy based on their most strategically important data assets,” says James. “After all, they typically hold more data than non-tech companies and often lead the way in adopting new technologies, which can create cyber vulnerabilities.”
B2C technology companies also house and process huge volumes of sensitive, personal information. It is therefore no surprise that IT was the most targeted sector for web application cyber-attacks last year.(ii)
Added together (and as revealed in our previous cyber research) this means that technology companies are now more vulnerable to cyber attacks and customer data breaches than ever before. This not only exposes them to hefty regulatory fines, but also business-crippling reputational damage.
Get ahead of regulators
In the last three years, technology companies made great efforts to comply with new data privacy and protection regulations, not least GDPR. Most large technology companies are now compliant, but they must remain vigilant. Data protection regulations are becoming stricter and the penalties for non-compliance are increasing. What’s more, customers are becoming more aware of privacy issues and are prepared to punish companies for not taking it seriously.
Technology companies must respond by going above and beyond the minimum required by the regulator on privacy. “Tech companies today need to go beyond the basics to ensure compliance because these companies service their clients in a regulated industry and are largely data controllers, while their clients may be data processors,” confirms Akshay Garkel, advisory partner at Grant Thornton India.
“Cloud service providers may be required to maintain 10 out of 20 (for example) data controls for minimum compliance. But they shouldn’t stop there. In the spirit of ensuring security and privacy they might want to go at least four or five notches above the minimum expected from the regulator because clients will demand it.”
The tightrope between privacy and analytics
But a careful balance must be struck. Customers will appreciate technology companies going the extra mile on privacy, but not if it restricts their ability to receive personalised offers or the development of products tailored to their individual needs.
Individual companies aside, overbearing privacy law prevents the use of data to drive positive societal outcomes, be that in relation to healthcare, disease monitoring or traffic accident reduction. So, governments and regulators must also be careful not to enact overly restrictive privacy laws.
“The balance between data protection and using data for the public good is a key debate for society,” says Nick Watson, partner and technology sector lead at Grant Thornton UK. “Germany has very strong privacy rules, but this has resulted in traffic accident data not being collected on particular stretches of roads. Therefore, they weren’t able to collect data that would have pinpointed a particular accident hotspot. You could take data privacy to a level where even non-personalised data is not collated on a group-wide, anonymous basis. In this case society would lose out.”
The middle-man in surveillance
Judging how far to go on privacy has become more complex because, like it or not, many technology companies are now surveillance intermediaries. Whether it be messages sent on social media, recordings from Echo devices or location data stored on smart phones, technology companies possess information that is useful for fighting crime.
There is no question that they must comply with the law regarding requests for information, but they have discretion over how swiftly they reply and the depth of information they provide.
Many now wonder whether law enforcement data requests should be processed without question, or heavily scrutinised in the interest of preserving privacy.
In the past, some technology companies resisted rather than cooperated with law enforcement. But as technology companies unwittingly accumulate more and more vital evidence, there is controversy in some markets about which data is shared, how much and for what purpose.
After all, being perceived as uncooperative with counter-terrorism forces is far more damaging than not adhering to the absolute strictest privacy standards.
Strengthen protection of digital assets
How should technology businesses respond to rising digital risk? First and foremost, they must classify, categorise and map out their digital assets to understand the specific risks and value associated with them.
Armed with this insight, they should develop and implement a nuanced, risk-based digital risk strategy that fortifies the digital crown jewels – those deemed most critical to the business and its customers.
Of course, one company’s most valuable data may be completely unimportant to another. For example, fintech companies highly value customers’ financial information, entertainment technology companies place high importance on consumer preference data and high-tech companies treasure their IP.
This approach sounds sensible. But a surprisingly large number of technology companies do not do this, and instead rely on an outdated one-size-fits-all approach to cyber security and data privacy based on perimeter security.
Orus Dearman, managing director of risk advisory services at Grant Thornton US, explains how this classification process can lead to practical change that reduces vulnerability.
“We assisted a technology company client in performing a data categorisation process to enable them to efficiently identify sensitive and personal information within their databases and networks as part of an overall data inventory. This allowed the company to deploy data protection resources where they are needed and would have the most impact,” he says. “Now, if anyone wants to change anything to do with this data or these systems, the privacy team is brought into the process as part of the workflow.”
Bin useless data
In contrast, data revealed to be not at all useful to the business and not required for regulatory and compliance purposes should be deleted or appropriately anonymised. This reduces the risk of it being compromised.
Naturally, technology companies can be reluctant to delete information due to concerns they might need it for an audit or that it is essential for something they are unaware of. Data mapping helps realise interdependencies, which can assist in deleting data.
But data asset categorising doesn’t just reduce risk. It also creates value. This exercise might identify a dataset or combination of datasets that can be used to improve the efficiency of internal operations or gain insight into customer preferences.
When strategy changes, so should data categorisation
Technology companies must remember two things when profiling data assets. First, it is not a one-off exercise. They must constantly map out their digital assets as the nature of the threat changes and as their business priorities evolve.
Second, this task cannot be left to the information security officer or head of IT. It is a critical business decision that must align to business objectives. Senior business leaders must be involved in the process.
Drive competitive advantage through trust
There is a real opportunity for B2B technology companies to market themselves around digital trust. Those that demonstrate readiness to respond to a cyber threat, responsibly handle customer data and empower customers to manage privacy controls stand to gain a competitive advantage.
To start building trust, technology companies must offer value-added cyber security solutions such as malware and ransomware screening that plugs vulnerabilities as part of their core offering. Customers will also be impressed with suppliers that conduct comprehensive cyber security audits and produce independent assurance reports.
“Reports that demonstrate capability, security, and a serious commitment to risk management (such as SOC2 or ISAE3402) are without question a way for technology companies to differentiate themselves from the competition,” says Matthew Green, technology advisory partner at Grant Thornton Australia. “The more astute clients are now starting to ask for the validation and the ongoing assurance that the organisation is maintaining an appropriate level of data security and are requesting those reports as a way of demonstrating it.”
There are a number of security standards that technology companies can use to demonstrate best practice digital resilience. But because every technology company is different, these merely provide a starting point. Technology companies should evaluate what their customers want when it comes to privacy and security and prioritise this.
Consumers value control
The jury is out on whether B2C technology companies can truly differentiate themselves through digital trust. Still, there is no harm in making it incredibly easy for customers to identify and delete data that is held about them and manage privacy settings.
B2C technology companies must also make privacy policies crystal clear. Today, most are displayed in tiny lettering across multiple pages, making them impossible to decipher.
“Privacy should be an enabler and not hinder innovation. Companies who have embraced good privacy practices should use that as a branding platform in the market,” confirms Orus.
“Clearly communicating privacy policies in a transparent way is essential. The general trend for technology companies is to develop a user hub that allows users to see what data is being held about them and allows them to opt in and out of various things.”
“Privacy regulations such as the GDPR and upcoming California Consumer Privacy Act (CCPA) require clear and concise privacy notices for applicable data subjects. However, for those of us that don’t fall into the GDPR or CCPA buckets, many user agreements are over a hundred pages long, so they can still be made more user-friendly.”
Our five recommendations
Technology companies should implement the following recommendations to build and maintain digital trust:
- Categorise data assets according to their strategic importance. Those that will disrupt the business or customer experience or cause untold reputational damage if compromised should be heavily protected.
- Regularly review your data asset categorisation in collaboration with senior business leaders. This categorisation must align with business objectives, which may change over time.
- Don’t just think about the minimum required from the regulator when implementing data protection controls. Instead, consider what regulations may look like in the future.
- Collaborate fully with valid requests for data and information and know the extent to which data should be provided.
- Demonstrate your commitment to data protection by having your cyber risk practices tested regularly by an independent third-party. This will help to build trust.
When it comes to protecting your business from a cyber attack or data breach, one size does not fit all. However, technology companies can bolster their resilience by applying some or all of these recommendations, so long as they tailor their actions to suit their unique position and that of their clients.
Footnotes