Author: Indrek Keis
Many employers have questions about whether and to what extent personal data can be requested from employees in the context of the coronavirus pandemic. In this article, I highlight some practical questions and concepts that employers should factor into processing of employee personal data and provide advice on how to mitigate the main risks for both employer and employee.
Data protection requirements generally do not prevent the processing of personal data as long as the purpose of collection and processing is legal. For instance, if an employer has established a legally valid vaccination mandate as a condition for allowing an employee to work, the employer may also legally process the relevant data.
Although companies and other organizations vary greatly in structure and activities and the same approach does not hold true for all cases, we can highlight a few key activities that both parties can carry out to help to ensure the interests of both sides in the employment relationship.
Personal data of employees
In general, any information that can be associated with a specific employee can be considered employee personal data. During the pandemic, employers may need to collect information on the employees’ close contact status, isolation, testing and test results, potential infectiousness, illness and recovery, vaccination status and stance towards vaccination.
Some personal information is categorized as health data: mainly information that can be used to make assessments regarding the employee’s health condition. Legislation sets out additional conditions for the collection and use of health data, and processing of health data runs a greater risk for both employees and employer.
Determining the need for data
One of the main rules for collecting personal data is that there has to be a valid need for such data. The need is dictated by the purpose of the activity for which data are collected.
The need to gather personal data may be related to compliance requirements arising from applicable laws, pursuing legitimate interests of the employer or even stem from the desire of the employer to popularize and promote testing or vaccination. The employer must document the purpose of data collection and associate it with the personal data which is necessary for achieving that purpose. Specifying the purpose makes it easier to carry out further in-house planning and helps protect the employer’s interests in the event of disputes. It also ensures the application of the requirements arising from processing of personal data. The description of the purpose should be detailed enough so that the need for gathering the data is evident from the purpose. The purpose also determines the importance of the accuracy of the data and the means of involving the employees (whether the submission of data is obligatory or voluntary).
When specifying the actual need for the data, further use of the data after the initial collection of data must be taken into account – whether the data must be retained and if so, for how long. For instance, if the employer measures the body temperature with a software-based device that saves the temperature reading, it should be considered whether and for how long a reading for a specific employee must be retained. If the employer gathers information on employee’s test results, the necessary retention period probably varies depending on the test result. It is not necessary to keep the result of a negative test as long as the result of a positive test. Once the personal data are no longer necessary, they must be deleted or all links with the specific employee removed, so that the data can no longer be associated with a specific employee.
Surveys conducted at a company
It is not always necessary to gather data in a manner that allows the data to be associated with a specific employee. This is the case if the employer wants to conduct a survey to gain insight into employees’ preferences for the planning of their return to the office and organization of work. It is usually possible to conduct surveys anonymously without allowing the responses to be linked to a specific respondent.
A situation that often arises is that an employer asks employees for their vaccination preferences or other data via a shared data table that is circulated via email or which can be accessed by all employees. This could jeopardize the employee’s privacy, as co-workers could access the information. At the same time, the integrity of the data is also at risk, as the answers or other information could be deliberately or accidentally changed. In this way, the employer would be in breach of its duties regarding processing personal data, since the employer is required to protect information concerning employees from unauthorized access and modification by other employees. Moreover, the decisions made by the employer could, due to unauthorized modification, be based on inaccurate data, which later on requires additional resources to eliminate the consequences.
Knowledge and proper use of various easily available digital solutions enable conducting the surveys in a compliant and privacy-friendly manner. In the light of potential future waves of the pandemic and constantly improving knowledge of the virus, there may be a need to conduct surveys multiple times, and from the employer’s standpoint, it would be wise to simplify and automate the process as much as possible.
Ensuring a safe working environment and protection for other employees’ health
If the purpose is to ensure a safe work environment and protection for employees’ health, the need for specific personal data arises from the workplace risk assessment conducted by the employer. Identified risks and measures to manage them may vary depending on the environment, area of activity and other employer-based factors, which is why every company may also have a different actual need for different data. The more sensitive the data are and the greater the implications for an employee’s privacy, the more the processing of such personal data should be avoided where possible, proceeding only if there is no other way to mitigate the risk identified in the workplace risk assessment.
Employer-based factors are not the only ones that should be considered when it comes to prevention of virus-based illnesses. The known qualities of the virus and vaccines also have a major role, and employers are generally not competent to assess these risks. Consequently, both existing and constantly updated knowledge should be taken into account. Thus, employers must constantly update their risk assessments if new knowledge about the virus or vaccine properties comes to light which may influence the management of the risk, which in turn could affect the need and justification for gathering personal data.
Information about (suspected) infection
If an employee catches the virus, it should be considered whether the information about the specific employee’s illness has an effect on the employer’s operations or influences protection of the health of other employees. If the existence or lack of such information does not lead to further consequences, it is probably not necessary for the employer to specifically determine whether the employee has contracted the coronavirus. This may be the case, for example, if the employee has been working remotely for an extended period or if, due to the location and nature of the work, such information does not impact the safety of the working environment or the health of other employees.
Employers should refrain from notifying the entire workforce about the illness of a specific employee. If the information about the specific employee’s illness must be used, it should be made available only to as small a circle as possible and only to the extent that disclosing such information directly helps prevent the spread of the virus.
Data about employees’ vaccination status
Various data can exist regarding the vaccination status: whether and when the employees were vaccinated, and with which vaccines. Although employees often share such information over coffee or lunch and reveal their vaccination status informally, employers still must have a legitimate and need-based purpose if they intend to keep and use informally disclosed information.
Similarly to other types of personal data concerning employees, employers must keep vaccination information confidential as well and prevent access to the data by unauthorized persons. The employer must also apply the principle of minimal use and gather only data that is justified. For example, information about which specific vaccine was used may not be necessary for an employer, but storing such data may incur significant privacy risks for the employee.
Correctness of data and the anonymity factor
In the context of the pandemic, it is important to ensure that data are correct. There is no benefit from processing data to manage risks identified in the working environment risk analysis if data is inaccurate. Thus, the means of collection and the source of the data must be considered to ensure the accuracy of data. If the purpose of data collection does not have any legal consequences and the employer intends to merely presume honesty from the employee, anonymous data should be considered prior to collecting personal data.
In some organizations, employees may be exposed to social pressure that forces the employee to provide information that is not accurate. For example, an employee may provide inaccurate information about whether he or she has been in close contact, is in mandatory quarantine, infected, vaccinated or whether they wish to be vaccinated, if their own attitudes depart from the norm for that organization. The employee may also be wary of negative consequences, disparaging attitudes and becoming the target of accusations. In such cases, providing anonymity can increase the accuracy of the data. An employee who has no reason to fear direct negative consequences may provide more accurate information that makes it easier to detect possible spread of the virus or recovery, or to map the general attitude among an organization’s workforce. Anonymous data collection also mitigates privacy and compliance risks arising from processing of personal data, since the data cannot be associated with any specific employee.
When to ask for the employee’s consent?
In the context of an employment relationship, asking for the employee’s consent should generally only occur if giving the consent is optional and refusal does not lead to any negative consequences for the employee, such as not being allowed to work. Consent is an appropriate basis for data collection if the employer is looking to incentivize vaccination and enable vaccination in the workplace. In such a case, being vaccinated must not be a compulsory condition for allowing the employee to work.
Asking for consent should be avoided if the collection of personal data is required to manage a specific risk identified in the workplace risk assessment, because in this case the consent will not be legally valid, as effective mitigation of a risk usually cannot rely on the voluntary choice of the employee.
Need to create and keep evidence of privacy considerations
On the one hand, it is legally required to be able to provide evidence of compliance with the principles of data protection. Employers must maintain evidence of data processing activities and the considerations that preceded the processing. In any case of processing personal data, one must always be prepared to prove the need for and permissibility of processing personal data, along with consideration of privacy risks to the people concerned and the measures applied to address those risks.
Apart from compliance requirements, it is also in the employer’s own interests to document relevant activities and considerations. Undocumented activities are commonly forgotten, employees can leave and new ones are not aware of previous decisions, and the situation changes constantly. This is why documentation of activities maintains consistency and preserves the knowledge gained from experience so that better and more effective decisions can be made in the future. It also helps to ensure the employer’s legal interests in the event of disputes if a need arises to justify the collection of personal data.
If you have similar challenges and questions, please contact our specialists.