GDPR – Implementation Steps – Part 1 of 2

Helping you with your GDPR implementation, here are some steps every accountancy firm can take to ensure they are GDPR compliant by 25 May 2018.

What to do now

  1. Appoint someone internally to take control of understanding the new regulation and how it will affect your practice. Organisations with fewer than 250 employees are not required by law to appoint a data protection officer (DPO), but someone needs to ensure you’re compliant.
  2. Perform a data audit to understand and formally record:
  • the type of data you hold; and
  • where it is held.

This requirement is quite far reaching when you think about it – accounting and tax software, audit software, payroll software, practice management systems, network drives, C and D drives and of course, paper accounting, tax, company secretarial and audit files.

The review will need to extend to the many individual devices on which information is stored – e.g. laptops, desktops, tablets, phones and memory sticks. You can’t put processes in place until you know what you’ve got and where it’s located.

  3. Think about security processes – physical security and IT backup procedures.

Most good IT support firms and software houses will be ready to guide you through the technical bits. You will need to check contracts with third parties who hold data on your behalf, including software providers and cloud-based services (known in the legislation as data processors). It will be important to understand where they hold the data and to ensure that they are GDPR compliant.

For more practical hints and tips on data protection and to get you started on your preparations for 25 May, please come to one of our series of courses on the ‘General Data Protection Regulation – What Accountants Need to Know’ at the Talbot Hotel, Stillorgan, County Dublin on one of the following dates:

Wednesday 18 April 2018 2pm to 5pm

Wednesday 30 May 10am to 1pm


Data Protection – A minefield to be negotiated

The 25 May 2018 deadline for GDPR implementation looms ever closer.

It is vital that all accountants and their clients have at least a basic understanding of the new Data Protection Regulation (GDPR) that will come into effect from 25 May 2018.

Here is another in our continuing series of tips on how best to implement the new rules.

Right to be forgotten

GDPR introduces a new ‘right to be forgotten’ giving individuals (essentially former clients and employees) the right to request for all their personal data to be deleted.

How does this affect the typical accountancy firm holding data for money laundering identity checks and information held within the firm’s own accounting records?

It has been confirmed that this new right is overridden by statute – i.e. an individual cannot require you to delete information from your due diligence and internal accounting records, when there is an overriding statutory requirement for holding that data.

How much personal data you would hold purely for accounting purposes is, admittedly, questionable. However, if you are holding information over and above what the law requires (for example, beyond the five years after a client has left the firm that AML rules require) for some other purpose, then you would have to consider the legal basis for holding it and the individual’s rights.

For more practical hints and tips on data protection and to get you started on your preparations for 25 May, please come to our course on the ‘General Data Protection Regulation – What Accountants Need to Know’ at the Talbot Hotel, Stillorgan, County Dublin on the following date:

Wednesday 30 May 10am to 1pm


GDPR – Be Practical!

Small accountancy practices, like any other SME will need to ensure they have written policies and procedures in place on time to implement the requirements of the GDPR by 25 May.

Here are some more ideas for some practical implementation steps firms may be able to take.

Privacy notices

Privacy notices are used to inform individuals that you hold their data, how, why, where it’s held and their rights. You can provide this information in various ways e.g.:

  • by updating employment contracts;
  • updating the terms in letters of engagement;
  • updating your website; or
  • any other method you feel is appropriate e.g. client newsletters.

Guidelines from the Data Protection Commissioner require privacy notices to be clear, concise, and easily accessible.

The current wording in the above documents is likely to refer to the Data Protection Acts 1988 and 2013; it is unlikely to comply with the new requirements and will require revision.

For more practical hints and tips on data protection and to get you started on your preparations for 25 May, please come to one of our series of courses on the ‘General Data Protection Regulation – What Accountants Need to Know’ at the Talbot Hotel, Stillorgan, County Dublin on one of the following dates:

Wednesday 18 April 2018 2pm to 5pm

Wednesday 30 May 10am to 1pm


GDPR – Let’s be practical

There are probably too many blogs and press releases about the GDPR (The General Data Protection Regulation) these days. Here’s how we think the new regulations, coming into force on May 25th 2018, will affect small accountancy practices.

What is data?

It’s worth mentioning straight away, that this regulation covers personal data (not company data) i.e. data which can be used to identify a living EU citizen, who may live anywhere in the world!

It affects all businesses, regardless of size, but will have a greater impact on businesses dealing with consumers/clients. Business-to-business organisations do still have to be compliant, but by their nature will not hold as much personal data. So, the information we’re talking about is, for example, your employee data, personal tax clients, payroll details of clients etc.

Consent

There is a lot being made about the enhanced requirements to obtain consent. However, consent is only one of six legal bases for processing data. The others include where processing is “necessary for the performance of a contract” and “necessary for compliance with a legal obligation” – for example, the contract you have entered into with your client to provide accountancy services and your legal obligation to perform due diligence checks to comply with money laundering regulations.

The consumer’s expectations about the information you hold and why you hold it are also relevant. You are not holding your employees’ bank details because they’ve consented – you’re holding them to fulfil your legal obligation as their employer to pay them.

There was a query from an insolvency practitioner as to whether he would need to obtain consent from and/or issue privacy notices to the employees of the bankrupt companies he acted for. The answer was, in theory, yes, but, given that he is holding that information as part of the winding up process to inform the Department of Social Protection and pay outstanding wages, the employees would reasonably expect the practitioner to require and hold this information.

However, in all these cases you must consider the legal basis for holding information and if you are subsequently required, or decide, to use the information for another purpose, marketing for example, you should review the legal basis and obtain consent if required.

For more practical hints and tips on data protection and to get you started on your preparations for 25 May, please come to one of our series of courses on the ‘General Data Protection Regulation – What Accountants Need to Know’ at the Talbot Hotel, Stillorgan, County Dublin on one of the following dates:

Wednesday 21 March 2018 10am to 1pm

Wednesday 18 April 2018 2pm to 5pm

Wednesday 30 May 10am to 1pm


GDPR – It’s not going away

All accountants and their clients should have at least a basic understanding of the new Data Protection Regulation (GDPR) that will come into effect from 25 May 2018.

Here we present some more tips to aid data protection compliance by the 25 May deadline.

Handling requests from clients for their personal information (subject access requests)

Do your staff know:

  • That people have a right to have a copy of the personal information you hold?
  • How to recognise a subject access request?
  • To whom to pass it, if it is not their responsibility to answer?
  • That the firm currently has a maximum of 40 days to respond, reducing to 30 days on 25 May?
  • That the maximum fee that can be charged is €6.35 now, but this will fall to zero on 25 May 2018?
  • That they may need to check the identity of the requester?

For more practical hints and tips on data protection and to get you started on your preparations for 25 May, please come to one of our series of courses on the ‘General Data Protection Regulation – What Accountants Need to Know’ at the Talbot Hotel, Stillorgan, County Dublin on one of the following dates:

Wednesday 21 March 2018 10am to 1pm

Wednesday 18 April 2018 2pm to 5pm

Wednesday 30 May 10am to 1pm


Data Protection – Accountants getting ready for 25 May 2018

Data protection is always a live issue for accountants and their staff. Here are some more tips and ideas on making the data of clients, employees and others more secure in advance of 25 May.

Disclosing client information over the telephone

Do your staff know:

  • To be aware that there are people who will try to trick them into giving out personal information over the phone?
  • That, to prevent these disclosures, they should carry out identity checks before giving out personal information to someone making an incoming call?
  • To perform similar checks when making outgoing calls?
  • About limiting the amount of personal information given out over the telephone and to follow up with written confirmation if necessary?

For more practical hints and tips on data protection and to get you started on your preparations for 25 May, please come to one of our series of courses on the ‘General Data Protection Regulation – What Accountants Need to Know’ at the Talbot Hotel, Stillorgan, County Dublin on one of the following dates:

Wednesday 21 March 2018 10am to 1pm

Wednesday 18 April 2018 2pm to 5pm

Wednesday 30 May 10am to 1pm
