The business world loves buzzwords, and nothing’s buzzier right now than GDPR (general data protection regulation). Mention GDPR to a marketing team and watch as they begin convulsing, for the new general data protection regulation means some significant changes regarding companies’ use of personal data are about to be enforced.
If you’re only just hearing about GDPR, where have you been? The transition period for the new regulation began two years ago and is set to conclude on Friday, 25th May 2018. After that, the manner in which companies use people’s data will change… FOREVER!
Luckily for accountants, GDPR is nothing unusual. Another day, another change in regulation. The flexibility that’s becoming something of a prerequisite for accountants means that with some work, you’ll be up-to-date on everything you need to know.
At A Glance: GDPR
The current data protection guidelines date back to 1995. As you might have guessed, they’re a little outdated. Our ability to capture personal information through technology has progressed at an alarming rate. The GDPR is a much-needed counter to companies’ greedy thirst for personal data.
The GDPR will force companies to build privacy features into their digital platforms and make sure they’re turned on by default. Companies that contact customers for marketing purposes will be required to gain explicit consent before they can hit send. Similarly, companies must allow users the possibility of accessing their data, as well as being given the option to withdraw their consent at any stage. Companies that process, collect and store personal data must be able to justify the audience is relevant to the product or service they provide.
GDPR for Accountants?
It’s not just marketers that get their grubby hands on people’s vital statistics. Accountants, too, have personal data stored on their systems. Personal accountants have their clients’ information stored on various platforms; likewise, accounting compliance systems will be full of customer data.
Unlike marketing data, however, information stored for accountancy is confidential by design. The restrictions of working in such a profession make the GDPR less drastic for accountants; notifying customers of how their data is used may be unnecessary in some cases, because storing it is often a legal obligation (for auditing, for example).
For GDPR compliance, it will be essential to look over the data that the accounting arm of a company collects, processes and stores to determine if any gaps in compliance exist; for example, if a client’s data is no longer needed, why keep it? If, however, a marketing team wants to use the data for a yearly audit reminder, they will need to gain explicit consent from the customer.
Having a central point for data storage is going to be very important after GDPR is enforced. Having several, non-integrated customer relationship management (CRM) platforms is likely to be seen as a flaw in the company’s approach to providing adequate security of personal data. Having more than one CRM is also expected to cause headaches when someone withdraws consent for contact. Another regulation that will apply to accountants is the need to show the details of where the data is stored. Often companies use cloud storage systems or off-site servers; GDPR has rules regarding data storage, so accountants will need to get in contact with their provider to understand if the provider is GDPR compliant; if not, time to find another! Similarly, any third-party programmes that use personal data will need to be GDPR compliant.
For companies with over 250 employees, privacy policies will need to be updated to reflect who in the company has access to the personal data, why the data is stored, how long it’s kept for, and the rights of the person whose data is collected. Reviewing consent policies regarding data usage will also be necessary.
The other elements involved in becoming GDPR compliant are largely the responsibility of other departments. IT, for example, must assess and test data security to make sure the systems are equipped to deal with potential threats. Because data breach threats have long been a potential issue for financial services like accounting, most firms may already be delivering on this regulation.
While not absolute, this short outline certainly gives accountants an insight into the types of things that need to be addressed to become GDPR compliant. Did we miss anything (we almost certainly did)? Post your comments below and help your fellow accountants out. Alternatively, check out the ICO’s 12-step programme to getting GDPR compliant.
Interested in becoming an accountant? Each AAT level offers a well-documented route into employment. Find out more by contacting Aspiring Accountants today.