So where do we stand generally as accountants in terms of clients sending us their books and records, payroll records, confidential customer records/details etc for us to prepare the accounts. Or, more specifically, where does the client stand on this.....in order for them to 'protect' their data do they then need to be sure we can also protect it once passed to us? How do they know we can protect it? Or once they have done their GDPR bit and passed it to us are they off the hook if there is a data leak by us? Or is the client supposed to be doing more in assessing us?! Thanks.