Save content
Have you found this content useful? Use the button above to save it to your profile.

Accountants face more complex data protection

4th Nov 2016
Save content
Have you found this content useful? Use the button above to save it to your profile.

Charles Darwin adopted a pragmatic stance when he said, “It is not the strongest of the species that survive, nor the most intelligent, but the one most responsive to change.”

Some professions are known to fight change, but now data protection legislation has been approved that sets new standards for privacy, change is non-negotiable and accountants should begin a review of their processes in readiness for a stricter era.

The new legislation sets the bar high and expects all businesses to have ‘privacy friendly’ techniques such as encryption and data protection by design and default, along with the right systems and processes.

The future of data protection

The General Data Protection Regulation (GDPR) directive came into force on 5 May 2016, giving EU Member States until 6 May 2018 to transpose it into their national laws. Despite the Brexit vote, the new regulations will come into force before the UK leaves the EU and the ICO guidance is for businesses to continue to prepare as it is anticipated that domestic legislation will be enacted to adopt them into domestic UK law.

This single set of rules will impact every organisation that handles personal data. It is designed to prevent conflicting national data protection rules from disrupting cross- border exchanges of information and to encourage companies, especially small and medium-sized enterprises, to get the most out of the digital single market.

Improve your security

Keeping data safe and private is of paramount importance, both when stored and when communicated electronically. Emails will not suffice and client communication needs
to be encrypted with the use of a secure portal where documents can be transmitted securely.

As the regulation allows users to claim damages in the instance of data loss or as a result of unlawful processing, this could indeed prove costly to businesses, both in financial terms and reputational damage. The additional level of security provided by a portal
is particularly relevant when using smartphones and tablets, as documents are fully encrypted should the device go missing or is stolen.

Preventing a data breach

Every firm needs to re-examine their processes to ensure compliance.

  1. Protect against data security breaches with rigorous procedures, which ensure emails cannot be sent to the wrong recipient 

  2. Securely encrypt personal data and documents before transmitting – a document portal provides the highest levels of security and can be customised with own branding 

  3. Put in place clear policies for a timely response to any data breach and notify in time where required 

  4. Check that you have legitimate grounds for the retention of personal data

  5. When transferring data, it will be important to ensure that there is a legitimate 
basis for transferring personal data to jurisdictions that are not recognised as having adequate data protection regulations.

With the risk of such high fines, accountants cannot afford to leave it too late to make such essential changes. They will need to adopt entirely new behaviours in the way they collect and use personal information and the planning needs to start now.

Complying with the demands of the new regulations is
not an easy challenge, however Electronic Document Management (EDM) systems can reduce the workload involved. EDM systems make client communication a more secure experience through the use of document portals that are both document-centric and transactional.

A document portal is essentially a secure web interface. It allows better sharing of documents and closer interaction with clients, whether on their smartphones, tablets
 or desktop devices. This ultimately helps to provide a faster turnaround, reducing the back and forth cycle of correspondence by weeks. It is the path all accountants need to travel.

EDM is about so much more than saving physical storage space. It provides a natural backbone for every business that is looking to attain the highest levels of productivity by automatically filing documents in logical locations, 
saving time when searching and retrieving documents and controlling in-house documentation processes. 


Moving forward, EDM can help every business meet these new obligations for quality assurance and data security.

Author - Mark Woolley, Commercial Director, Reckon Software and developers of Virtual Cabinet, the accountancy profession’s preferred document management & portal solution. ‘A guide to electronic document management and secure document transfer’ is available to download from:

http://go.reckon.com/whitepaper/

 

 

Replies (2)

Please login or register to join the discussion.

Locutus of Borg
By Locutus
07th Nov 2016 10:29

I have a portal already (Iris OpenSpace), which I primarily use for clients to digitally sign documents.

But for convenience, e-mail is my main channel of communication.

Unencrypted e-mails are not totally secure. However, they are fairly difficult to intercept unless you work for the particular Internet Service Provider(s) involved in transporting the e-mails, GCHQ or an employer's IT department at the receiving end (where the recipient uses a work e-mail).

I think it is sensible that all personal data held on servers / computers should be routinely encrypted, but since e-mails are so endemic, I cannot see small businesses changing their procedures any time soon.

I suspect most small businesses will simply be unaware of or ignore the EU regulation on the grounds that the risks of non-compliance to the strict letter of the law are low.

Thanks (1)
avatar
By North East Accountant
11th Nov 2016 08:36

"Emails will not suffice and client communication needs 
to be encrypted"

Are emails communications going to be against the law unless encrypted?

Thanks (0)