-
Financial statements audits
Financial statements audits
-
Financial statement reviews
Financial statement reviews
-
Financial statements compilations
Financial statements compilations
-
IFRS
IFRS
-
Audit quality monitoring
Audit quality monitoring
-
Global audit technology
Global audit technology
-
Systems and risk assurance
Systems and risk assurance
-
General business consulting
General business consulting
-
Market research
Market research
-
Sustainability
Sustainability is indeed a broad concept. Aside from mitigating the environmental changes caused by…
-
Business planning and performance improvement
Business planning and performance improvement
-
Change and program management
Change and program management
-
Business intelligence and analytics
Business intelligence and analytics
-
Business valuation and litigation support
Business valuation and litigation support
-
Business process outsourcing and consulting
Business process outsourcing and consulting
-
Family business consulting
Our business solutions for family businesses center on alignment of all aspects of the family and business,…
-
Quantitative small caps
Grant Thornton has a wide professional network with a vast array of technical skills that is…
-
Data analytics
Data analytics is the process through which businesses leverage data to gain actionable insights and…
-
Bookkeeping & financial accounting
Bookkeeping & financial accounting
-
Payroll and personnel administration
Payroll and personnel administration
-
Direct and Indirect tax compliance
Tax compliance within outsourcing
-
Compilation of financial statements
Compilation of financial statements
-
Business process outsourcing
Business process outsourcing including back office and secretarial
-
Family business consulting
Family business consulting
-
Startups
Startups
-
Company formation
Company formation
-
BOR
Entities in Malta, including companies, partnerships, foundations, trusts and…
-
Internal audit
Internal audit
-
Risk management and internal controls consulting
Risk management and internal controls consulting
-
Governance and risk management
Governance and risk management
-
Regulatory services
Regulatory services
-
Risk modelling services
Risk modelling services
-
Forensic and investigation
Forensic and investigation
-
Compliance audit
A compliance audit is a detailed review which focuses on whether an organisation is in conformity with…
-
Citizenship by naturalisation
The Maltese Citizenship Act (Cap 188) establishes who may become a citizen of Malta by naturalisation,…
-
Citizenship for Exceptional Services by Direct Investment
With the continuously changing global dynamics and evolving geopolitics, there is an…
-
Grant of Citizenship for Exceptional Services
Malta has enacted legislation which extends to individuals providing excellent or manifestly superior…
-
Acquisition of citizenship by registration
The Maltese Citizenship Act (Cap 188) establishes who can register as a citizens of Malta. The Act was…
-
Maltese Family Businesses Resource Centre
For over 30 years Grant Thornton’s advisory teams have assisted family businesses in navigating the…
-
Grooming
Preparing the next generation for leadership and ownership is an integral part of any succession…
-
Tax services
Using a combination of reason and instinct, we can work with clients to develop a strategy that helps them…
-
Governance
Having a proper governance structure is essential to ensure that the family and business strategies…
-
Ownership succession
Letting go of your family business is difficult for all owners and even more so for founders; however, in a…
-
Exit strategies
There are many 'exit strategies' that need to be considered to minimise the risk of conflict. They can arise…
-
Management succession
By implementing our family business guidelines to family succession and a proper governance structure, the…
-
DORA Consultancy
Firms within the financial sector face a critical imperative to fortify their operational resilience in the digital…
-
Cyber security Consultancy
Whether you are a multinational corporation, a small business, or an individual, the digital realm holds…
-
Digital Transformation
Build a solid foundation to fuel business reinvention and gain the flexibility you need to succeed…
-
IT Audit and Assurance
Information systems procedures have evolved drastically, but so have hacking techniques. Assess your IT…
-
Fintech and Innovation
Are you ready to explore the fintech space? Grant Thornton is able to guide you from start to finish.
-
Case Studies
Digital transformation has transitioned from being an option to a necessity. The race is on... The…
-
Operational and financial restructuring and reorganisation
Operational and financial restructuring and reorganisation
-
Recovery
Recovery
-
Financial regulatory services
Financial regulatory services
-
GDPR consultancy
The General Data Protection Regulations (GDPR) have transformed the way we handle…
-
Ship and aircraft registration
Ship and aircraft registration
-
Medical cannabis licensing in Malta
A study published in 2018 by market intelligence and strategic consultancy firm Prohibition…
-
Trust and trustee services
As an entrepreneur, business owner, parent or guardian, you will want to ensure that whatever happens in…
-
Family trusts
The law establishes the requirement of a license for one to be able to act as a trustee subject to certain…
-
Programmes
Grant Thornton is authorised and regulated by the Government of Malta to handle and submit applications for both citizenship applications as well as residence…
-
Ordinary residency in Malta
Any EU, EEA or third country national who resides in Malta for more than 3 months is obliged to apply for a Residence Permit. There are various grounds upon which an…
-
Qualifying Employment in Aviation Rule
Malta provides qualified persons employed in the field of aviation with an opportunity to enjoy a 15% flat personal tax rate on income generated from their direct…
-
Qualifying Employment in Innovation and Creativity (Personal Tax) (Amendment) Rules, 2019
These Rules allows persons employed in a role directly engaged in carrying out, or management of research, development, design, analytical or innovation activities,…
-
Qualifying Employment in Maritime and Offshore Oil & Gas Industry Rule
Malta provides qualified persons employed in the field of aviation, with an opportunity to enjoy a 15% flat personal tax rate on income generated from their direct…
-
Nomad Residence Permit
The NOMAD residence permit, which was launched in June 2021, allows third-country nationals who would normally require a Visa to travel to Malta, to retain their current…

-
Direct international tax
Direct international tax
-
Indirect international tax
Indirect international tax
-
Global mobility services
Global mobility services
-
Transfer pricing
Transfer pricing
-
Estate planning
Estate planning
-
Wealth advisory
Wealth advisory
-
Regulatory and legal
Regulatory and legal
-
Corporate tax services
Corporate services
-
VAT
At its simplest, VAT is a tax on consumption and is a multi-stage tax (ie applied at every stage of the…
-
2018 Amendments of the Income Tax Act
The following is a brief overview of the new tax provisions introduced in 2018 by the Budget…
-
Mergers and acquisitions
Mergers and acquisitions
-
ESEF Reporting
Our ESEF reporting service is tailored to assist listed companies in complying with the European…
-
Prospects MTF
As of 2016, small and medium-sized enterprises in Malta can access the capital markets through Prospects -…
-
Project financing
Project financing
-
Due diligence
Due diligence
-
Valuations
Valuations
-
Foreign direct investment
Foreign direct investment (FDI) is the category of international investment that echoes the objective of…
-
Wholesale Securities Market
WSM is a joint venture between the Malta Stock Exchange and the Irish Stock Exchange, combining the…
-
Aviation
The Maltese Government is constantly remaining to improve the position as the best place to do…
-
Maritime
For Maritime, Grant Thornton provide direction with regards to VAT guidelines for yacht leasing, as well…
-
Automotive
We offer a broad range of services relating to automotive, ranging from Transaction advisory, access to…
-
Gaming Regulations
Malta recently overhauled the framework regulating the iGaming sector. Going forward operators will…
-
Licensing Process
Prior to submission all applicants are advised to go through a pre-application process with one of the…
-
Malta Real Estate Investment Trust (REIT)
As part of the 2019 budget, the government has pledged to introduce a Real Estate Investment…
-
The Markets in Financial Instruments Directive (MiFID) II
MiFID II aims to protect investors and make sure that financial markets operate in the fairest and most…
-
Fintech and Innovation
At Grant Thornton we help innovative firms and entities operating in the fintech space launch new…
-
Asset Management
At Grant Thornton we help innovative firms and entities operating in the fintech space launch new…
-
Banking
Grant Thornton combines local insight with global scale to help banks meet regulatory…
A study published by the European Parliamentary Research Service (EPRS) seeks to examine whether the European Data Protection Regulation and the ancillary framework (GDPR) can coexist with the peculiar nature of blockchain technologies. The study argues that the multiple points of friction which have emerged between the GDPR and blockchain technologies are mainly due to three factors:
- The need for a controller: the GDPR states that, for personal data points to be legal, there must be one data controller (which can be either a natural or a legal person) for each one of these points. This, however, defies the blockchain concept of decentralization and shared responsibility;
- The immutability of data: in accordance with GDPR provisions, a subject’s personal data can only be modified or erased (right to be forgotten) following a request from the owner of the data. However, the immutability characteristics of blockchain is possibly the keystone of data integrity and trust in the network. It is also unclear whether the data stored on blockchain can be sufficiently anonymized in order to meet the GDPR’s minimum anonymization threshold;
- The data minimization: while the GDPR requires for the collection and storage of data to be kept to a minimum and only for purposes which have been notified in advance to the data owner, blockchain technology is on the other hand underpinned by distributed ledger principles and replication on different machines (nodes). From a legal point of view, it is unclear if the purpose of data processing only includes the initial transaction or if it also encompasses the continuous processing of the data once on the chain. Blockchain architects are therefore compelled to design GDPR-compliant use cases following compliance-by-design principles.
How blockchain can contribute to data transparency
Blockchain can be instrumental in solving issues pertaining to data transparency. Blockchain-based smart contracts can also automate the sharing of data, therefore contributing to the reduction of transaction costs, and facilitating data-sharing among European institutions. Ultimately, this may also lead to the development of an EU-wide artificial intelligence (AI) platform.
Blockchain also provides data subjects with increased control over who has accessed their data (Article 15 GDPR), how they can manage their personal information (data portability, covered in Article 20 GDPR) and protect them from unauthorized modification. Such streamlining of processes can also lead to better data management amongst different bodies accessing the same dataset stored on a single blockchain network where the respective data controllers could be a node in the network.
Policy options
While significant tension exists between the nature of blockhain technologies and EU privacy laws, the study has also highlighted two major points:
- The relation between this technology and the European legal framework can only be considered on a case-by-case basis;
- Blockchain can support GDPR in achieving its own objectives.
As a result, the study puts forward three policy options:
-
Regulatory guidance:
While there is uncertainty as to how the EU privacy regulations can be applied to this technology, the study does not recommend revising the GDPR, rather to consider it as an expression of principle-based regulation, designed to be technologically neutral. Subjects wanting to use blockchain should, however, seek regulatory guidance on how the existing legislation applies to their specific case. The study also guides authorities to work with the European Data Protection Board to draft specific guidance on the application of the GDPR to blockchain technologies and support architects to design compliant use cases;
-
Support codes of conduct and certification mechanisms:
GDPR is designed to be a technology-neutral legal framework; therefore code of conduct and certification mechanisms are to be created and applied on an ad-hoc basis whilst adhering to a consistent data protection standard;
-
Funding:
Funding should be made available for interdisciplinary research exploring how blockchain’s technical design and governance solutions could be adapted to the GDPR's requirements, and if protocols that are compliant by design may be created.
Transfer of data to third countries
Chapter V of the GDPR states that personal data can only be transferred to third countries that (i) benefit from adequacy decisions, (ii) offer appropriate safeguards, or (iii) on the basis of derogation. Since multiple blockchain nodes may be located outside of the EU, transfers of personal data are only possible on the basis that the country the data is transferred to ensures adequate data protection levels. The country in question must, therefore, score high in terms of respect for the rule of law, human rights, and fundamental freedoms as well as enforce relevant legislation and practices. If the European Commission deliberates that the country in question offers adequate safeguards, an adequacy decision (which is to be reviewed at least every 4 years) is issued and implemented.
Transfer to third countries not benefitting from an adequacy decision is only possible if the data controller has put in place appropriate safeguards. These include binding corporate rules, which can take the form of contractual clauses or provisions, to be inserted into administrative arrangements between public organisations or bodies and which are subject to the prior approval from the competent supervisory authority. Individuals must be informed of the transfer of their data to a third country and of all the measures put in place to safeguard them.