Why should accountants take notice of GDPR?

Billed as the “most important change in data privacy regulation in 20 years”, GDPR took affect on 25 May 2018. So what is the regulation and why should accountants take notice?

What are the implications for accountants?

Accountants handle a vast amount of data – both client and employee – on a daily basis. Firms will need to ensure that their systems are robust enough to meet GDPR requirements and that the data is protected in line with GDPR provisions. To determine whether operations comply with GDPR, firms may need to carry our an audit on currenct procedures in order to identify if and where they fall short of GDPR standards.

By failing to comply, accountants leave themselves open to significant penalties. Organisations in breach of the regulation could be fined a standard penalty of €10m or 2% of annual global turnover, up to a maximum of 4% of annual global turnover, or €20m, whichever is greater.

As accountants position themselves as strategic advisers to clients, GDPR is an opportunity for firms to demonstrate to clients that they can securely hold and process information in line with data requirements, and that protection of client data is a priority for the practice. As a result, clients are likely to see their accountants as trusted professionals to whom they can entrust business and personal data, and with whom they can partner to drive their business forward.

Actions your firm needs to consider

• Understand where and how your firm uses and stores personal data of EU individuals.
• Review the regulation with technology professionals and legal counsel to understand your firms’ obligations as a controller or processor of personal data.
• Implement a compliance and monitoring plan.
• Review your existing security controls.
• Assess your third parties’ personal data security standards.
• Be prepared to report data breaches promptly, and within 72 hours