Professional Services and CSRD 

Sustainability strategies in the era of increasing regulation and stakeholder interest

The era of sustainability is upon us. What began with corporate social responsibility (CSR) and environmental, social and governance (ESG) frameworks is now a move towards mandated non-financial reporting that will fundamentally shift how firms and their clients view the significance of sustainability. Most recently, the EU enacted its Corporate Sustainability Reporting Directive (CSRD), which is designed to make corporate sustainability reporting more common, consistent and standardised – like financial accounting and reporting.

The directive’s impact is far-ranging: it essentially modernises and strengthens the social and environmental information that companies have to report. What’s really new is that, in addition to all large and listed companies in the EU being required to comply, non-EU companies with large subsidiaries in the EU will also need to report. CSRD is indicative of the future of sustainability reporting and makes it clear that firms and their client companies need to start preparing by improving and tracking their sustainability. Even with more regulation around sustainability, there is a wider context that goes beyond the letter of the law. Many firms and their client companies are shaping their sustainability programmes in response to pressures outside of straightforward regulation, often from investors, consumers and other stakeholders.

Most firms probably already have some sustainability initiatives in place. These can include diversity programmes, local community outreach and pro bono work. A firm could consider increasing its pro bono hours, partnering with charities and social justice causes, taking on environmental cases and demonstrating commitments to diversity, equality and inclusion. While each firm has to ask itself what its priorities are and where it can have the largest influence, there are some fundamental pieces of sustainability infrastructure every firm should have in place.


How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.
