Is your accountancy practice ready for the GDPR?

This month, our MD Andrew appeared in Chartered One – the quarterly magazine for chartered accountants in the North West. If you didn’t manage to get your hands on a copy, you can read his clear-cut compliance advice in full here…

There’s so much confusion and worry surrounding the imminent implementation of the GDPR at the moment, that you’d be forgiven for thinking that ‘P’ stands for panic. But whilst preparing for the legislation may be time-consuming – and non-compliance can lead to hefty financial penalties – getting your practice GDPR-ready doesn’t need to be one big headache.

It might be going a step too far to suggest that we should all be embracing the new data protection rules – altering procedures and processes to fit within a new framework is rarely quick or enjoyable. But, there are definite advantages to streamlining the personal data you hold on file, refining your methods of acquiring, storing and updating it and improving your security measures.

So, instead of putting it off for even longer, why not make sure you’re preparing yourself and your practice for the GDPR now? That way, you can start reaping the benefits of compliance before the laws come into full force.

Understanding the basics

First thing’s first: what are the guidelines you need to be following, and how can you make sure you’re compliant?

Well, it’s all about personal data processing. GDPR will replace existing legislation, and provide the rules for how individuals’ information can be obtained, used and held by an organisation moving forward. These will be stricter on permission and consent relating to how data is gathered, the level of security in place to prevent a breach, and the rights of the individual to have their information updated, transferred or erased entirely.

The new regulations are EU-wide, and regardless of Brexit, any practice that deals with personal data will need to ensure that its processes meet the standards of the GDPR. And even for businesses residing outside of Europe, if they are handling the information of EU citizens, they must abide by the exact same laws.

A lot of people are getting caught up in worrying about the increased financial penalties, which can be up to £20m or 4% of their annual turnover. But it’s important to realise that if you take the time now to carry out an audit of your procedures and ensure you’re processing all data safely, securely and in line with the regulations, then you have nothing to worry about.

Q2Q offers a FREE tailored GDPR Awareness Workshop for accountancy firms that want to learn more about how the changes will affect operations. Give them a call on 01524 581690 to find out more.

Breaking it down

To simplify the GDPR even further, it can be broken down into six key data processing principles. These dictate that all personal information must be:

Processed lawfully, fairly and transparently
Collected for specific, explicit and legitimate purposes
Used adequately, relevantly and only when needed
Correctly recorded and kept up to date
Retained only for as long as necessary
Protected with appropriate security measures.

While this may sound simple, many businesses are still in denial that they need to be preparing themselves – in fact, the recent IT Governance GDPR Report reveals that a worrying 68.1% of organisations still haven’t updated their processes in readiness for the new legislation.

Plus, with a higher volume of data handling than many other sectors, it’s imperative that accountancy and finance firms are taking the appropriate steps towards compliance in advance of the laws taking hold. Ongoing documentation is a necessity for proving adherence, and the time-consuming nature of such a rigorous venture cannot afford to be overlooked or underestimated.

Of course, taking the first step is often the hardest part, and many practices are unsure of where to begin. But the worst thing you can do is keep putting it off – if you need any guidance, seek professional advice today.

Q2Q offers a comprehensive range of GDPR provisions tailored to your business, including workshops, assessments, compliance project management and a virtual Data Protection Officer service. Visit q2q-it.com or contact them on 01524 581690 to find out more about how they can help your practice.