GDPR – Let’s be practical

There are probably too many blogs and press releases about the GDPR (the General Data Protection Regulation) these days. Here’s how we think the new regulations, coming into force on May 25th 2018, will affect small accountancy practices.

What is data?

It’s worth mentioning straight away that this regulation covers personal data (not company data), i.e. data which can be used to identify a living EU citizen, who may live anywhere in the world!

It affects all businesses, regardless of size, but will have a greater impact on businesses dealing with consumers/clients. Business-to-business organisations do still have to be compliant, but by their nature will not hold as much personal data. So, the information we’re talking about is, for example, your employee data, personal tax clients, payroll details of clients etc.

Consent

There is a lot being made about the enhanced requirements to obtain consent. However, consent is only one of six legal bases for processing data. The others include where processing is “necessary for the performance of a contract” and “necessary for compliance with a legal obligation” – for example, the contract you have entered into with your client to provide accountancy services and your legal obligation to perform due diligence checks to comply with money laundering regulations.

The consumer’s expectations about the information you hold and why you hold it are also relevant. You are not holding your employees’ bank details because they’ve consented – you’re holding them to fulfil your legal obligation as their employer to pay them.

There was a query from an insolvency practitioner as to whether he would need to obtain consent from and/or issue privacy notices to the employees of the bankrupt companies he acted for. The answer was, in theory, yes, but, given that he is holding that information as part of the winding up process to inform the Department of Social Protection and pay outstanding wages, the employees would reasonably expect the practitioner to require and hold this information.

However, in all these cases you must consider the legal basis for holding information and if you are subsequently required, or decide, to use the information for another purpose, marketing for example, you should review the legal basis and obtain consent if required.

For more practical hints and tips on data protection and to get you started on your preparations for 25 May, please come to one of our series of courses on the ‘General Data Protection Regulation – What Accountants Need to Know’ at the Talbot Hotel, Stillorgan, County Dublin on one of the following dates:

Wednesday 21 March 2018 10am to 1pm

Wednesday 18 April 2018 2pm to 5pm

Wednesday 30 May 10am to 1pm

For more information on our other upcoming courses click here

GDPR – It’s not going away

All accountants and their clients have at least a basic understanding of the new Data Protection Regulation (GDPR) that will come into effect from 25 May 2018.

Here we present some more tips to aid data protection compliance by the 25 May deadline.

Handling requests from clients for their personal information (subject access requests)

Do your staff know:

  • That people have a right to have a copy of the personal information you hold?
  • How to recognise a subject access request?
  • To whom to pass it, if it is not their responsibility to answer?
  • That the firm currently has a maximum of 40 days to respond, reducing to 30 days on 25 May?
  • That the maximum fee that can be charged is €6.35 now, but this will fall to zero on 25 May 2018?
  • That they may need to check the identity of the requester?

Data Protection – Accountants getting ready for 25 May 2018

Data protection is always a live issue for accountants and their staff. Here are some more tips and ideas on making the data of clients, employees and others more secure in advance of 25 May.

Disclosing client information over the telephone

Do your staff know:

  • To be aware that there are people who will try to trick them into giving out personal information over the phone?
  • That to prevent these disclosures, they should carry out identity checks before giving out personal information to someone making an incoming call?
  • To perform similar checks when making outgoing calls?
  • About limiting the amount of personal information given out over the telephone and to follow up with written confirmation if necessary?

Data Protection – What accountants need to know

Data protection is a core principle of what accountants do (i.e. client confidentiality) and always needs to be taken seriously. As part of our series of blogs setting the scene for the new data protection rules coming into effect on 25 May 2018 we suggest here some tips and ideas for accountancy firms to implement so as to make their data more secure.

Meeting the reasonable expectations of clients and employees

Do your staff know:

  • To collect only the personal information they need for a particular business purpose?
  • To explain new or changed business processes to clients and fellow employees or contractors, and to obtain consent or provide an opt-out where appropriate?
  • To update records promptly – for example, changes of address, marketing preferences?
  • To delete personal information the business no longer requires?
  • That they commit an offence if they release client / employee records without their employer’s consent?
  • About any workplace monitoring that may be in operation?

GDPR Awareness checklist for small and medium sized organisations

It is vital that all accountants and their clients have at least a basic understanding of the new Data Protection Regulation (GDPR) that will come into effect from 25 May 2018.

However, it’s not as if data protection only becomes an issue on 25 May – it’s a live issue today!

Statistics tell us that some 80% of security incidents or data breaches involve employees. When such a breach occurs, it can raise client concerns about the handling of their personal information (e.g. the security of their tax information).

Keeping personal information secure

Do your staff know:

  • To keep passwords secure – change them regularly, no sharing?
  • To make passwords from a phrase, using at least eight characters with a mixture of upper and lower case and some numbers and symbols?
  • To lock / log off computers when away from their desks?
  • To dispose of confidential paper waste securely by shredding?
  • To prevent virus attacks by taking care when opening emails and attachments or visiting new websites?
  • About working on a ‘clear desk’ basis – by securely storing hard copy personal information when it is not being used?
  • That visitors should be signed in and out of the premises or restricted in areas normally accessible to staff?
  • About positioning computer screens away from windows and at reception to prevent accidental disclosures of personal information?
  • To encrypt personal information that is being taken out of the office if it would cause damage or distress if lost or stolen?
  • To keep regular back-ups of information?
