
Accounting package GDPR compliance

Is an 'End of Life' accounting package holding supplier data GDPR compliant?


Hi

Can anybody confirm or deny:

If a client is using, say, a version of Quickbooks Desktop that is no longer updated, and they hold supplier details on there which might include personal address data of Joe Bloggs Decorators, sole trader, is this in breach of GDPR regulations, because the software is no longer supported/updated for security holes?

thanks

 

 

Replies (10)


By WhichTyler
24th Jan 2018 15:27

Why are you holding the data? And if you are satisfied that you have to hold it, why does the software status matter?

The regs are principle-based, so say only 'Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.' So if you can demonstrate that the data on the server is appropriately protected by physical/software/network measures (the machine is in a lockable office, only you have the key, a password is in place, it is not connected to the internet (or access to your network is robustly secured from attack and your firewalls are routinely updated with latest protection)) then you would be OK.

But best to reduce the data you hold in the first place...

Thanks (0)
By hairyfingers
25th Jan 2018 13:32

Assuming the answer is yes, that you need to hold the data, then the point is: what are "appropriate" technical measures?

If the accounting software is no longer supported then theoretically a security loophole could be discovered which may make it more open to hacking. The loophole will not be closed as the software is not supported, and therefore is it an appropriate technical measure to say that the old software is OK to use?

I would say yes, it is an appropriate measure if it is a modern PC, with firewall etc. and an OS which is updated.

But what would the judge say....

Thanks (0)
Replying to hairyfingers:
By WhichTyler
25th Jan 2018 13:43

hairyfingers wrote:

what are "appropriate" technical measures?

...

But what would the judge say....

1. The act has not been drafted, let alone passed into law, so there are no judgements to look at.
2. It's down to the Information Commissioner, not the judge.
3. If you have a clear policy & procedures of data protection, can show you have thought about risk and are mitigating it, and new systems are designed to reduce risk, then if there is a breach (I am informed by those more expert) you may get a warning or a 'try harder in future' rather than a penalty. They want to get people who are actively abusing or reckless with personal data first.

Thanks (0)
By hairyfingers
27th Jan 2018 17:03

Thanks all. I'll suggest they update the software to be on the safe side.

Thanks (0)