Sustainability has gained traction over recent years, especially in terms of environmental protection. However, the sustainability framework, better known as the ‘ESG Framework’, has another two pillars that are equally important: the social and governance aspects.

The ESG Framework is governed by various laws and regulations across the globe, and this includes the enactment of the Corporate Sustainability Reporting Directive (‘CSRD’) by the European Commission. As a result, companies subject to such obligations are witnessing a change in mindset and culture with the aim of providing their products and/or services in a more sustainable manner.

The protection of human rights forms part of the social pillar and, therefore, the privacy of individuals is deemed to be an important factor for companies to consider in their ESG Framework. Compliance with data protection rules, such as the General Data Protection Regulation (‘GDPR’), is not a new concept. However, with key stakeholders demanding more accountability and transparency, companies need to move beyond a mere compliance culture and become proactive in protecting personal data and privacy.

Privacy by design is the way forward for such an approach to be successful. In fact, this is a term that the GDPR has already introduced, which led companies to shift from a reactive, tick-the-box approach to proactively considering the ramifications of every decision made within the governance structure in relation to data protection and privacy. For example, before purchasing an IT system, a company must assess and ensure that the necessary security measures are in place or can be implemented to adequately safeguard personal data. Another example is the measures applied so that data subjects can easily exercise their rights even when a new system is implemented.

Considering data protection as part of a company’s ESG Framework can prove beneficial in boosting its ESG rating. Moreover, such an approach may enhance the reputation of an organisation, which would therefore be in a better position to manage any adverse media that may arise. It can also create a competitive advantage for a company, as stakeholders would have an added value when choosing a partner for a particular service and/or product. In a nutshell, it is a factor that can differentiate a company from its competitors.


How can Grant Thornton assist?

Grant Thornton may assist customers in ensuring that adequate governance structures, internal controls, and tools to safeguard personal data are in place and are undertaken in a sustainable manner. The following services are available accordingly:

    • Data protection consultancy 
    • IT audit
    • Internal audit
    • Advice on cybersecurity measures
    • CSRD compliance
    • Sustainability consultancy