Brought to you by
initor_global_logo_rgb_without_tag_line.png

Initor Global UK provides premium outsourced services to UK accountants and businesses.

Save content
Have you found this content useful? Use the button above to save it to your profile.

Data security for accountants considering outsourcing

17th Apr 2024
Brought to you by
initor_global_logo_rgb_without_tag_line.png

Initor Global UK provides premium outsourced services to UK accountants and businesses.

Save content
Have you found this content useful? Use the button above to save it to your profile.

UK accountants have been working to comply with the General Data Protection Regulations (GDPR) since 2018. When considering outsourcing work to an offshore supplier, accountants will need assurances client data is protected, and the risk of a data breach is minimised. For GDPR purposes, the UK accountant will be the Data Controller and the offshore accountant is the Data Processor.

Any accountant responsible for controlling data will have arrangements in place to meet the requirements of GDPR and will keep these under regular review. Accountants will also have robust security arrangements, including physical safeguards to protect data.

When engaging an outsource supplier to process client data, the onshore accountant will need to review and update internal systems and processes to ensure data is transmitted and received securely. This usually involves the outsource supplier accessing client servers using secure login arrangements. If this isn’t possible, most outsource suppliers use secure online file hosting services or password protected documents, though these may not be sustainable where high volumes of client data are exchanged.

When outsourcing work, the UK accountant should always seek confirmation about any data security credentials published by an offshore accountant. They will also need to understand the operational procedures established by the offshore accountant to ensure data security and complete a risk assessment accordingly.  

Internal policies and procedures will need to be updated to cover the tasks undertaken by the offshore accountant and the nature of data processed. Some UK accountants decide the offshore accountant should see only limited or anonymised client data; others decide the offshore accountant needs full access to client information to work effectively. Including the offshore accountant in any training or staff updates can helps ensure awareness of the continuing importance of data security and the action required in the event a data breach occurs, including who to report the incident to.

While data breaches in themselves can be minor and may not require formal reporting, repeated incidents can lead to a breakdown in trust and confidence between the UK accountant and the offshore supplier. The reputational damage to an accountant where the Information Commissioner decides an investigation is merited or imposes a sanction can be considerable.

Initor Global ensures data security by using the most secure, advanced accounting software available with state-of-the-art systems and other physical safeguards to prevent the loss or misuse of data. Our people receive regular training on data protection matters. We are GDPR compliant and ISO 27001 accredited, and use cloud-based solutions to ensure data cannot be downloaded, miminising the risk of data loss.

If you are an accountant looking to outsource services, increase margins and help your client’s thrive, you can book a video call with one of Initor Global’s expert advisors using this link or send an email to [email protected]

Initor Global is exhibiting at Accountex 2024 on 15th and 16th May. You can visit us at stand 1265.