Risk Advisory Services



Risk management services provide a systematic and disciplined strategy for assessing and improving the efficiency of risk management functions, oversight and corporate governance.


General Data Protection Regulation

The European Union, by means of Regulation 679/2016 of the European Parliament and of the Council, ensures the protection of individuals with regard to the processing of personal data and the free movement of such data, repealing Directive 95/46 / EC (General Data Protection). The implementation of the new Regulation comes into force on 25.05.2018.

Personal Data means any information relating to an identified or identifiable natural person.

This affects almost all companies (private and public) who manage personal data of employees, customers, associates, and individuals in general.

Non-compliance results in large fines for infringements where up to EUR 20,000,000 or up to 4% of the total annual turnover of the company's previous business year, according to the infringement.

The new Regulation 679/2016 of the European Union for the Protection of Personal Data requires the strict compliance of all companies and public bodies that manage personal data of individuals, significantly increasing their obligations.

Crowe has developed a holistic approach to complying with companies by offering the services required to ensure that each company complies with the obligations set out in the regulation.

Our approach

  • Evaluation of status-quo
  • Data flow diagrams
  • Gap analysis and compliance plan formulation
  • Data security and implications assessment (DPIA)

For the fuller compliance with the Regulation, the following are additionally proposed:

  • Employees training
  • Inspections

Data Protection Officer (D.P.O.)

The appointment of a Data Protection Officer is mandatory for all Public Entities as well as for other organizations whose main activity requires the systematic monitoring of individuals on a large scale or the processing of specific categories of personal data. The role of the Data Protection Officer is advisory and supportive as he informs, advises and monitors the company regarding compliance with the Regulation in order to minimize the risk of breach. The appointment of a Data Protection Officer is an important "tool" in the hands of Management.


Risk Management

Risk management involves understanding and identifying corporate risk. It reduces operational costs, ensures regulatory compliance and contributes towards the execution of the corporat strategy.


Internal Control

Internal Control is an independent, objective business activity that designed to create value, but also to improve corporate operations. Within the risk management services framework, our advisors compile the internal code of conduct, organize and train the internal audit department and carry our initially the process itself.


Solvency II

The introduction of the new solvency framework for insurance companies known as the “Solvency II Directive” (Greek Law 4364/2016), poses a major challenge for companies who will need to address the full range of issues relating to Corporate Governance, Risk Management and Internal Control.


Insurer Insolvency

The liquidation of insurers constitutes a special form of insolvency. The features resemble to the standard bankruptcy procedures. Its main purpose is to ensure the satisfaction of insurance claims by insurance companies undergoing liquidation.


Professional Insurance Funds.

The law governing the composition, organization and functioning of Professional Insurance Funds (Greek Law 3029/2002) incorporates features drawn from relevant European practice. The stringent requirements of the legal framework aims to enhance the robustness and efficiency of these funds by adopting European best practices.


Spiros Kapsokavadis

Director, Risk Management Services