7 ways to beef up GDPR compliance
How we can help with GDPR by Emanur Rahman, CEO, Onkho
If you were to fall foul of the GDPR you could face a financial fine of up to 4% of your annual fee income. To help reduce the risk of this happening, here are some simple ways to beef up your defences using Onkho Cloud Practice Management for accountants.
- Automated email verification for Clients. This happens as part of the sign up to the Client Portal and will reduce the chances of sending information and documents to the wrong person due to misspelling an email address.
- Secure access to documents. Rather than take the risk of sending documents over the internet as email attachments, make documents available through the Client Portal instead. In this way, you can avoid the administrative overhead of password protecting every document and avoid the risks associated with transferring documents across email.
- Location-based verification of team logins. We will track where your team members are logging in from and you will be alerted if the location changes. We will not prevent this access as it may be genuine and time-sensitive. However, by being notified you can take action if you think it's suspicious.
- Controlled access for the Success Team. From time to time, you may need the Success Team's help and that may mean that we need to look at your Client information. If this is the case, you will temporarily add us to your team and then remove us when we're done. This is the only time that the Success Team or anyone at Onkho will actually see your Client information and it's in your control.
- Getting consent from clients. This is the process of asking your clients for permission to collect, store and use their information. To do this use our Message Templates to create a single consent message that you can send to all of your existing clients in one go - like a mail or document merge. You can use the same message template for onboarding new clients as well. Create once and re-use as many times as you need.
- Giving clients access to information about them that you hold. Your clients have the right to ask you what personal information you hold about them. You can create a standard response using our Message Templates that has all of the personal information you have and then use it every time you receive a request. This will allow you to respond quickly and in a consistent way. We also provide access via our Client Portal which is a secure place that your clients can access across the internet. In addition to seeing what information you hold, they are able to update the information and access and submit documents.
- Deleting information about clients. Your clients have the right to ask you to delete and forget about them. When you delete a client, the client disappears from your client list but still exists in our platform. This is to allow you time to change your mind. If we don't hear from you, we will go ahead and delete the client permanently 30 days later. You can create a standard response using our Message Templates that explains how this delete process will work. This will allow you to respond quickly and in a consistent way.
Also, please remember that you have unlimited team members on all of our plans so there is no reason for your team members to share logins. If they're doing this, you should stop it immediately as it makes it impossible for you to know who has changed a Client's data. This will be very important information if something were to go wrong.
We've spent a great deal of time trawling through the GDPR and the oodles of public commentary to come up with our plans. We've also got some great ideas in the pipeline which will help further reduce the risks of a fine, so please check out our blog for the latest updates and announcements.