GDPR is more than just a destination for accountancy practices

It’s becoming a cliché to point out that GDPR is a journey, not a destination. But that doesn’t mean to say it’s not true.

With all the publicity surrounding 25 May, many accountancy practices are treating this date as a finishing line they have to sprint for, but it’s much more like the starting line of a marathon that businesses will have to get used to running.

From this date onward all organisations – including accountancy practices and their business clients – will have to be able to show they have systems in place that meet the GDPR standards.

To an extent, the current data protection laws can be satisfied by ticking off a list of software and policy requirements. By contrast, GDPR takes a holistic view of personal data security which will require accountancy practices to carefully match their compliance efforts to their particular circumstances.

Firms will need to assess risks in their systems, create policies to address those risks and implement and monitor procedures in line with those policies.

Continuous monitoring

GDPR compliance is therefore a continual process which will have to happen alongside the normal day-to-day work of busy accountancy practices. Of course it’s also an opportunity for tax and accounting professionals to demonstrate accountability for the collection, storage and processing of personal data.

To take just one example, under GDPR, organisations will have a duty to report certain types of personal data breach within 72 hours of becoming aware of them. That single obligation involves a whole series of questions that need to be addressed, including:

  • Do your staff know how to recognise a personal data breach?
  • Do you have a response plan?
  • Have you allocated responsibility for dealing with breaches?
  • How will you document breaches, even if they don’t need to be reported?
  • Do you know who the relevant supervisory authority is for your processing activities?
  • Do you know what information you’ll need to send them?
  • How will you assess the risk to individuals in the event of a breach?
  • How will you contact the affected individuals?
  • Do you know what information and advice you have to provide those individuals?

Software to help with GDPR compliance

These questions cover just part of one aspect of GDPR compliance. Looking at that list, a lot of accountancy practices will feel they need some help. Fortunately, there are software solutions that can offer just that.

We’ve partnered with a leading online solutions provider to support accountancy practices and their clients in their journey to initial compliance and ongoing governance. CCH GDPR Compliance is a cloud-based system that brings together everything you need for GDPR in one place. Simple checklists and workflows generated by the software steer you through each aspect of compliance. The system helps you log, report and manage data breaches and it allows you to update all your privacy notices from a single location.

So if you need help running the GDPR marathon, get in touch with us today.

Click here for all things GDPR

Recent articles

View by topic