-
Digital Natives
Unlock growth with Grant Thornton Bharat's Digital Natives solutions. Customised support for tech-driven companies in healthcare, gaming, and more.
-
Business Consulting
Our business consulting specialists offer a comprehensive blend of strategic advisory services. We assess the business, industry, operating model, synergy, skill sets and vision of the organisation and recommend the way forward
-
Digital Transformation Services
Grant Thornton’s digital transformation services help traditional businesses digitalise their business models with cloud technology, IoT consulting, app development and more DigiTech solutions.
-
Human Capital Consulting
Our Human Capital Consulting team harnesses technology and industry expertise to assist in constructing adaptable organisations with transparency, fostering productive and value-driven workforces, and inspiring employees to engage meaningfully in their tasks.
-
Production Linked Incentive Scheme
Production-linked Incentive Scheme by the Indian government is aimed at boosting manufacturing. Grant Thornton Bharat offers varied services across sectors to help businesses avail of this scheme.
-
Public Sector Advisory
Our Public Sector Advisory team has focused streams, aligned with the core priorities of the Government of India. We are responsible for providing innovative and customized technical and managerial solutions.
-
Tech Advisory
We have amalgamated Digital Transformation, IT Advisory & Information Management and Analytics into a new offering, DigiTech.
-
Direct Tax services
Our tax specialists offer a comprehensive blend of tax services, tax litigation, regulatory and compliance services, helping you navigate through complex business matters.
-
Indirect Tax Services
Get tax services by leading tax firm Grant Thornton India. Our indirect tax services include consulting, compliance and litigation services for corporate, international and transaction tax
-
Transfer pricing services
Our transfer pricing services experts provide a range of services from provision of APA services to handling large global assignments including Country by Country reporting.
-
US Tax
At Grant Thornton, we help individuals and dynamic companies deal with US tax laws, which are one of the most complicated tax legislations across the world.
-
Financial Services - Tax
Best financial advisory services, tailored for small and large businesses by the experts having comprehensive knowledge of domestic laws and access to multifaceted tools to provide a valuable results.
-
Financial Reporting consulting services
Our experts have significant hands-on experience in providing IFRS/US GAAP services, end-to-end solutions and support services to fulfil financial reporting requirements.
-
Fund accounting and financial reporting
International operations often lack standardisation and have varied local reporting formats and requirements. Our experts can offer proactive insights, practical guidance, and positive progress and help meet regulatory timeframes.
-
Compliance and Secretarial Services
Our experts can assist in overhauling the entire compliance machinery of the organisation through evaluation of the applicable statutory obligations, monitoring of adequate governance controls, reporting and providing ongoing support.
-
Global People Solutions
As businesses transcend borders, both domestic and global considerations need equal attention. Our interim CFO and financial controller support services help organisations meet the business vision.
-
Finance and accounting outsourcing
Our accounting experts assist organisations in managing their accounting and reporting. Our dedicated Integrated Knowledge and Capability Centre (IKCC), allows us to service both the domestic and global markets efficiently and cost-effectively
-
Compliance Management System
We have automation solutions for you that will allow meeting government requirements and remain diligent, which when failed, can lead to penalties and loss in revenue.
-
IKCC: Grant Thornton's Shared Service Centre
The India Knowledge and Capability Centre (IKCC), aimed at delivering solutions by developing capabilities, has completed four years of its journey.
-
Global compliance and reporting solutions
At Grant Thornton Bharat, we meet the challenges of our clients and help them unlock their potential for growth. Our professionals offer solutions tailored to meet our clients’ global accounting and statutory reporting requirements. With first-hand experience of local reporting requirements in more than 145+ locations worldwide, we provide seamless and consistent international service delivery through a single point of contact.
-
Related Party Transactions Governance
Grant Thornton Bharat's comprehensive related-party transaction services ensure good governance by adhering to regulatory requirements, promoting transparency, and providing robust policies for compliance, documentation, and accountability in related-party transactions.
-
Private Client Services
Grant Thornton Bharat Private Client Services offers tailored advisory for family-owned businesses, focusing on governance, compliance, tax, succession planning, and family office structuring to sustain wealth and preserve legacies across generations.
-
GTMitra: Tax & Regulatory Tool
GTMitra, a specialised tax and regulatory tool by Grant Thornton Bharat, supports multinational businesses in understanding laws and regulations for effective growth strategies.
-
Labour codes
Labour codes solutions help you transition through the new legislation. At Grant Thornton, we help businesses divide their approach to make sure a smooth transition.
-
Alerts
At Grant Thornton India, with the help of our tax alerts, we help to provide updates on how to minimise your tax exposure and risks.
-
Cyber
In today’s time, businesses have gone through large transformation initiatives such as adoption of digital technologies, transition to cloud, use of advanced technologies et al.
-
Governance, Risk & Operations
Our Governance, Risk and Operations (GRO) services encompass Internal Audit, Enterprise Risk Management, Internal Financial Controls, IT advisory, Standard Operating Procedures and other services.
-
Risk analytics
Grant Thornton Bharat’s CLEARR Insights is a state-of-the art data analytics platform that will help you in seamless data analysis and efficient decision-making.
-
Forensic & Investigation Services
The team of forensic advisory services experts consists of the best intelligence corporate experts, and fraud risk, computer forensic experts to deliver most effective solutions to dynamic Indian businesses.
-
ESG consulting
Grant Thornton Bharat offers holistic ESG consulting solutions for sustainable business outcomes. With industry expertise and AI technology, we drive long-term value.
-
Transaction Tax Services
Our transaction tax experts understand your business, anticipate your needs and come up with robust tax solutions that help you achieve business objectives ensuring compliance and efficiency
-
Deal Advisory
Unlike other M&A advisory firm in India, we offer deal advisory services and work exclusively with controlled and well-designed strategies to help businesses grow, expand and create value.
-
Due Diligence
Grant Thornton’s financial due diligence services are aimed at corporate looking for mergers and acquisitions, private equity firms evaluating investments and businesses/promoters considering sale/divestment.
-
Valuations
As one of the leading valuation consultants in India, Grant Thornton specializes in all the aspects of the process like business valuation services, financial reporting, tax issues, etc.
-
Overseas Listing
Overseas listing presents a perfect platform for mid-sized Indian companies with global ambitions. Grant Thornton’s team of experts in listings, work closely with clients during all stages.
-
Debt & Special Situations Solutions
Grant Thornton Bharat offers specialist debt and special situations consulting services, including restructuring, insolvency, and asset tracing solutions.
-
Financial Reporting Advisory Services
Grant Thornton Bharat Financial Reporting Advisory Services offer end-to-end solutions for complex financial requirements, including GAAP conversions, IPO support, and hedge accounting advisory, ensuring accurate financial reporting and compliance.
-
Financial Statement Audit and Attestation Services
Grant Thornton Bharat offers customised financial statement audit and attestation services, ensuring impeccable quality and compliance with global standards. Our partner-led approach, technical expertise, and market credibility ensure effective solutions for your business needs.
- Agriculture
- Asset management
- Automotive and EV
- Aviation
- Banking
- Education and ed-tech
- Energy & Renewables
- Engineering & industrial products
- FinTech
- FMCG & consumer goods
- Food processing
- Gaming
- Healthcare
- Urban infrastructure
- Insurance
- Media
- Medical devices
- Metals & Mining
- NBFC
- Pharma, bio tech & life sciences
- Real estate and REITs
- Retail & E-commerce
- Specialty chemicals
- Sports
- Technology
- Telecom
- Transportation & logistics
- Tourism & hospitality
-
Article Agriculture and Budget: Immediate compulsions and long-term visionGovernment focuses on sustainable agriculture, digital infrastructure, and market intelligence to enhance productivity and global competitiveness in agriculture.
-
Article Union Budget 2024 expectations: Building resilience for consumer industryUnion Budget 2024 expectations: Building resilience for consumer industry
-
Thought Leadership Grain to gain: Impact of corn on India’s biofuel revolutionExplore Grant Thornton insights on unlocking India’s Energy Potential on Corn-Based Ethanol as a sustainable fuel solution.
-
Case study Transforming agriculture: The rise of Drone DidisDiscover how Grant Thornton Bharat's Drone Didis initiative empowers rural women and transforms agriculture with drone technology. Learn more about this success.
-
India-UK
India-UK
With an increasing collection and processing of personal data, lack of a comprehensive data protection law, and growing incidents of data breaches and privacy violations, there was a need to introduce a law that addresses these concerns. The Digital Personal Data Protection Act, 2023, (DPDP ACT, 2023) is a landmark legislation introduced by the government that provides a comprehensive framework for personal data protection.
As data is the centre of the consumer industry, the new Act will have a significant impact. It imposes several regulations on e-commerce/D2C businesses, which will push companies to revamp their strategic approach towards digital safety. Apart from these, other players in the ecosystem, such as retailers, call centre operators, third-party logistics, marketing agencies, sales/distribution outsourcing companies, and payment enablers, will also come under the purview of the new Act.
The DPDP Act gives users certain rights, such as the right to access, right to correct or delete, and the right to object to processing of their personal data. Businesses must familiarise themselves with these rights and begin complying with them.
It is expected to increase the transparency between users, brands or platforms, make businesses accountable, improve security and privacy of user data, and potentially build trust and confidence within the industry. This is because the Act requires businesses to obtain explicit user consent before collecting, processing, or using their personal data. It also requires them to limit the collection and use of personal data to what is necessary for the purpose for which it was collected and to take appropriate security measures to protect personal data from being breached by unauthorised access, use, or disclosure.
As with any opportunity comes certain challenges, consumer-oriented businesses will need to implement new protocols to comply with the Act, invest in new technologies to improve data security, and educate users and staff about data privacy rights.
Overall, the DPDPA is a positive development for the industry in India. However, it is pertinent for players to be aware of some of the challenges that the Act will pose and to take certain steps to address and mitigate these challenges.
Here are some specific ways in which the DPDPA will impact consumer businesses:
Consent: Businesses will need to obtain ‘express consent’ from users before collecting, processing, or using their personal data. This consent must be freely given, specific, informed, and unambiguous. Companies will need to maintain clear communication for the same.
Purpose limitation: They can only collect and use personal data for the specific purpose for which it was collected. Companies must have full clarity on the details they seek from the customers and the purpose of collecting the same.
Data minimisation: Businesses should only collect the bare minimum amount of personal data necessary for the purpose for which it is being collected.
Data security: They must take appropriate security measures to protect personal data from unauthorised access, use, or disclosure. This means that there is need to implement data masking and encryption technologies to mitigate the risk associated with data thefts.
Breach notification: Businesses must notify users of any data breaches that have occurred. Robust mechanisms must be put in place to identify the data breaches. Currently, the time frame for communication has not been defined and the same will be notified in the rules of the act.
Who Will Be Data Fiduciary?
A data fiduciary is responsible for determining the methods and purposes of collecting personal data. In e-commerce, the brand owner, platform provider, or seller on record is usually one of the data controllers since they gather personal data during registration and use it for various purposes like marketing, analytics, and delivery. However, they become data processors if they only provide goods and services without accessing personal data.
In both platform and retailer scenarios, their roles as data fiduciaries may vary depending on their involvement in data collection and processing. The key principle is that any entity determining how personal data is collected and processed acts as a data fiduciary.
E-commerce companies are likely to be significant data fiduciaries under the Act. This is because they collect and process large amounts of personal data about their users, including names, addresses, contact information, payment details, and browsing history. This data can be used for various purposes, such as providing personalised shopping experiences, targeted advertising, and fraud prevention.
As significant data fiduciaries, e-commerce companies will be subject to additional obligations under the DPDPA, such as:
- Ensuring Data Protection: Companies need to check their readiness for data protection including (but not limited to) volume, sensitivity, level of transparency, use of personal data for innovation and research, and resources. They also need to investigate the support required for ensuring compliance, cross-border data flow and customer communication on data usage and sharing data with third parties. Failure to comply with the latest guidelines can result in various penalties.
- Conducting regular data protection impact assessments: This will enhance the cost of compliance for the companies. They must consider technologies that can generate audit logs to track modifications and access to the databases.
- Appointing a data protection officer.
- Obtaining explicit consent from users before collecting or processing their personal data: This is trickier when users are under 18 years of age.
- Providing users with access to their personal data and the ability to erase it: Companies need to explore options for providing data in real time rather than sharing the data with third parties. Technology will play a key role in this by restricting access to the data. Companies will have to build teams to ensure that all the responses to erase the data are taken care of immediately.
- Notifying users of data breaches within a reasonable timeframe: As of now, the Act has not defined “Reasonable Timeframe”. The same will be notified in “Rules”.
Strong consequence management measures, such as non-disclosure agreements, are necessary to deter the misuse of personal data. The focus should be on minimising data collection and sharing only data needed for processing. Data should be encrypted or masked before being shared for enhanced protection.
Recommendations for the industry
- Implement robust data encryption and masking
- Frame proper consent mechanisms
- Make privacy notes visible on websites elucidating data protection
- Update privacy policies in a timely manner
- International companies need to comply with data storage norms across borders
- Ensure no data analytics/campaign targeting is done for children below 18 years
- Accept consumers’ right to delete information from the database when requested.
Overall, the DPDPA is still in its early stages of implementation, so it is not yet clear how it will be enforced. This can be a real challenge for start-ups who are currently more focused on setting up businesses and may not have a robust IT framework in place.
In addition to the legal obligations under the DPDPA, e-commerce / D2C companies have a moral obligation to protect their users’ data. Consumers are becoming increasingly aware of the importance of data privacy and are more likely to do business with companies they trust to handle their data responsibly.
By complying with the DPDPA and taking other steps to protect their users’ data, these businesses can build trust with their customers and position themselves for long-term success.
This article first appeared in News18 on 18 October 2023.