Brought to you by
cch

Wolters Kluwer provides software to tax and accounting professionals.


Seven things accountants need to know about GDPR

26th Sep 2017

Are you counting down the days to GDPR?  Or just getting to grips with what it might mean for your practice? 

Either way, find out more about GDPR with this handy guide.

1. Does GDPR apply to my practice?

Yes, if you operate within the EU or provide goods and services to individuals within the EU.  Because GDPR applies to both “controllers” and “processors”, it applies even if you outsource the work to a third party.

2. Will GDPR be affected by Brexit?

No, because the UK will still be part of the EU when GDPR comes into effect on 25 May 2018.  Even after Brexit, GDPR will continue to apply in some form so that UK businesses can still do business with the EU.

3. If we’re complying with the DPA, will we be GDPR compliant?

Compliance with the Data Protection Act is a great start, but don’t assume there’s nothing more to do.  GDPR introduces higher standards for collecting and storing data, among other things – for example, you’ll need to make consent explicit and even easier to understand.

4. What are the penalties for non-compliance?

For an accountancy practice, reputational risk is probably more important than formal penalties.  That said, maximum fines are much higher than the current £500,000 under the DPA (up to 4% of global annual turnover or €20 million, whichever is the greater, for the most serious infringements). 

5. What’s meant by “the right to be forgotten”?

(Otherwise known as the right to erasure.)  In certain circumstances, individuals can ask for their personal data to be erased, for example if it’s no longer necessary to hold it.  Data controllers must comply without undue delay.

6. What about “the right to portability”?

If they ask for it, you must supply people with a copy of the personal data you hold on them, free of charge.  The data must be in a structured, commonly used and machine-readable format.  This allows clients, for example, to easily transfer their tax and accounting information to another practice.

7. How long can I hold data under GDPR?

Although GDPR doesn’t specify a particular length of time, you must not store data longer than necessary.  You’ll need to regularly review the data you’re holding and delete or destroy it if it’s out of date or no longer needed.

Want to know more about GDPR?

Take a look at the Wolters Kluwer Insight Hub at www.wolterskluwer.co.uk/tax-accounting-resources#gdpr+all for the latest GDPR articles and downloads.
