Why do accountancy practices need GDPR support?

Managing Director

Fav thing about the office

Good banter

As a child I wanted to be a ... when I grew up


Guilty Pleasure(s)

Strictly come dancing

Favourite Holiday


If I had a superpower it would be...

Mind Reading

Describe yourself in three words or less

Methodical, Energetic, Reliable

An interesting fact about me

Started “Work” life as an opera singer


Horse riding, fillet steak and a good curry

Favourite Band

…into Classical Music

Karaoke Jam

Desperado- The Eagles

What I do at Q2Q:

My role is to provide the overall direction and “eye on the compass” as to where we, as a team, are heading.

I’m still very much focused on the customer and will often get involved in customer solution discussions. As a techie at heart, I’m regularly seeking to understand industry developments and directional changes that may affect our customers, so we and our customers can remain on the front foot.

Background and Achievements

I started out in an I.T technical department of what was then British Rail, following which I joined a large construction company to re-organise their I.T infrastructure.

I then spent a couple of years as a business systems analyst at P&O Nedlloyd designing, developing and implementing systems within their Bulk and Tank Carrier companies.

In 1999 I was appointed as I.T Manager of SockShop and subsequently as of Head of I.T. at the Tulchan Group, comprising then of 300 stores. Due to a Year 2000 compliance issue, we were required to seek an alternative system, which we were able to more cost effectively write ourselves. This product subsequently became known as RAWHIDE and we later sold this product into a number of other businesses. At the time it was quite cutting edge as all the warehouse function was undertaken using handheld, wireless scanners, rather than the batch scanners that were dominant at the time.

In 2003 The Tulchan Group was acquired by Harris Watson. We were then asked to take responsibility for the I.T. of Viyella Ladies wear and in 2004 the demands of two MD’s and two FD’s (Tulchan Group + Viyella), resulted in the sensible decision to break out of the group and Q2Q was born. This then enabled us to also get involved with a number of other group companies (Harris Watson owned companies) as well as other non-group parties.  At one stage we were managing the I.T for almost 500 stores across a number of businesses.

Today Q2Q retains some of the group customers that we acquired along the way, as well as a substantial number of new and diverse customers in almost all industries including accounting, business development organisations, legal marketing, medical, retail and wholesale.

Hobbies and Interests

Horse riding, running (Jogging), motorbikes, reading any of the Detective Rebus stories.

As you know, personal data processing is a crucial part of day-to-day life for accountancy and tax practitioners. And whilst altering procedures and processes to fit within a new framework is hardly our idea of fun, there are definite advantages to streamlining the personal data you hold on file, refining your methods of acquiring, storing and updating it and improving your security measures.

So, instead of putting it off for even longer, why not make sure you’re preparing yourself and your practice for the GDPR now? That way, you can start reaping the benefits of compliance before the laws come into full force.

What data will be covered?

Any personal information that you use within the following will be governed by the GDPR:

·         Practice management systems

·         Compliance systems (personal tax, payroll, accounting and bookkeeping)

·         Working papers (handwritten or computerised)

·         Marketing resources

·         Emails and correspondence (internal and external)

So, where do I start?

There are a number of essential steps to preparing your practice for the changes:

1.       Carry out an audit – Compare your current practices to the GDPR framework and assign a Data Protection Officer (if needed) to take responsibility for your transition.

2.       Start a data register – This will act as the official audit trail should you need to evidence compliance attempts to the Information Commissioners Office (ICO), in the event of an early breach.

3.       Classify your data – Ensure that you’ve located any Personal Identifiable Information (PII) that could be used to directly or indirectly identify someone, and you know where it’s stored, who can access it and how it’s being processed. Once classified, you can work out which data requires the highest levels of protection.

4.       Assess and prioritise – The privacy of the individual is the first priority, so ensure you’re only processing data that you need to. Conduct a Data Protection Impact Assessment (DPIA) of all existing procedures to evaluate data life cycles from start to finish, making sure that you have the means in place to delete data on demand.

5.       Remedy and repeat – Compliance is an ongoing process, not a one-off tick box, so ensure you take the correct steps to remedy any issues that are flagged up and maintain this careful monitoring going forwards.


We can help you every step of the way to becoming GDPR-ready, from acting as your DPO to conducting a DPIA, and managing your entire transition. Give us a bell today to find out more!

Why do accountancy practices need GDPR support?