The new General Data Protection Regulation (GDPR) will come into effect on 25th May 2018, introducing new requirements for businesses to better handle and safeguard personal data. Failing to comply can lead to a hefty fine of up to 20 million euros, or up to 4% of total annual worldwide turnover. If you’re not already thinking about preparing your firm for the changes then you need to work fast – or face putting your business at risk.
A recent survey found that 9% of accountancy firms have a very basic understanding of what GDPR really means and the impact on their business. But how can accountants get ahead of the game, ensure they are complying and encourage their clients to do the same?
In this blog, we explore the key steps involved to assess your own data and processes to make sure your accountancy firm is GDPR compliant by May 25th.
- Examine your CRM and marketing system
CRM tools will be vital to gaining and maintaining GDPR compliance. If your CRM system is integrated with email marketing then you’ll need to implement a double opt-in process, ensuring complete transparency regarding both how permission is obtained and how the data will be used. In short – it’s about gaining explicit consent whilst confirming the information you hold. The new model also limits how long your CRM can retain an individual’s data, meaning your firm will have to make a compelling case as to why a longer retention period is needed.
To discover more about the right way to obtain consent and how to ensure your data remains secure, click here.
- Emails and attachments
Here, accountants need to think about the emails coming into the office that contain attachments such as invoices, credit notes and receipts. What do you do with those attachments? It’s likely that they will get forwarded to colleagues, but remember that forwarding an email to someone’s inbox replicates the data – and increases the risk of data breaches.
To minimise the risk of data exposure via email, secure data sharing portals allow both clients and accountants to share their data, make comments and flag anything missing or inconsistent. This not only increases security, it also provides an audit trail of shared information all in one place.
- Client’s data
Keeping each client’s information safe and secure is already a huge priority for accountants, but GDPR is raising that bar. You’ll have to look at what information you’ve gathered from your clients and ask yourself ‘Why do I have this data?’. This is a good first step towards stricter access controls and general data housekeeping. The audit should cover both the data and the devices on which it is held. Are the devices secure? Are they shared or publicly accessible? Encrypting your data may also be a positive step.
Clearly there’s a lot to consider when it comes to GDPR and accountants may find the task is more manageable with a single person assigned as a ‘Data Protection Officer’ (DPO) to take the lead and ensure your firm is compliant by 25th May. That being said, it’s important that all employees take responsibility for GDPR and are working to the same rules – it involves everyone and can’t be put to one side!
If you’d like to find out more about what the General Data Protection Regulation (GDPR) means for accountants, download our eBook ‘A CaseWare Guide to Preparing Yourself for GDPR’ here.