GDPR mania: Will accountants dance for the ICO?
Between the 14th and 17th centuries, mainland Europe was sporadically gripped by what became known as ‘dancing mania’.
Groups of men, women and children could be seen dancing energetically around in public, sometimes thousands at a time, for hours on end before collapsing of exhaustion and sometimes dying on the spot.
Despite it being relatively well documented, explanations for this bizarre social phenomenon are patchy. They range from the scientific (some kind of mass poisoning causing hallucinations), the psychological (a mass release of stress brought on by crippling poverty) or the bizarre (in Italy the craze was linked to tarantism, where victims were said to have been poisoned by a tarantula or scorpion).
Having seen the dance floor at a number of accountancy events I can confirm sightings of erratic boogying in the profession, but what has a centuries-old sickness really got to do accounting?
Well last year, accountancy suffered its own short-lived outbreak of mass hysteria, this time in the form of ‘GDPR mania’.
Take the most-read piece on AccountingWEB in 2018 as an example. A Making Tax Digital update you might think? A Rebecca Cave diatribe against HMRC incompetence? How about one of those Excel articles that never seem to die? No, nope and negative. It was actually the peerless Jennifer Adams’ exhaustively researched ‘GDPR and the small accounting firm’. But look at the traffic figures:
Of those who viewed the piece, a whopping 88% of readers consumed Jennifer’s article before the 25 May 2018 deadline. Does this mean the profession is now largely compliant? Have accounting firms danced themselves into data compliant exhaustion? Or is something else going on?
Having just completed the spring conference season and spoken with what seemed like the entire profession, the anecdotal news for data compliance fans isn’t good. Responses I gleaned from the massed ranks of sole practitioners include “I need to do more but I’ve been really busy”, “I’ve done nothing”, and my favourite “GDPR: is that still a thing?”
Larger firms with more to lose from the ICO’s turnover-based approach to penalties have taken more action, but the process has been painful. One senior leader at an 11-partner firm described the compliance procedure to me as “bloody awful,” and apart from a bit of a data cleanse he complained that his firm “haven’t gained a thing”.
"But!” Cry the naysayers, “you’ll be glad you complied in time if you’re hacked or when the ICO clamps down”. In the long term this is totally true, but with new regulations such Making Tax Digital, anti-money laundering, IR35 for the private sector and October’s reverse VAT charge for construction services all jostling to the front of the compliance queue, it’s hard to see where small firms will find the time to adapt their practices.
Test cases remain rare – as reported by PwC’s privacy tracker there are 59 enforcements in total for the 12 months since GDPR came into force. Tax reclaim firm Tax Returned Ltd was fined £200,000 for sending out millions of unsolicited marketing text messages and several legal services firms were also issued with fines. However, none of the above related to accounting firms directly
I suspect that out there in the accounting-verse there are those who have benefited from scrubbing their data and focussing on a smaller number of quality clients or marketing leads, and hopefully they will take to their keyboards to let me know this.
However, ultimately the majority of the profession remain deadline-driven and until the ICO puts away the sheet music and brings out the big compliance stick, you get the feeling that the profession will continue to dance to its own tune.