What the GDPR Means for Your Firm’s Financial Data Security

Posted by Cedric Joshua Martinez
Jun 14, 2018


The European Union’s General Data Protection Regulation (GDPR) has been all over the news these past few weeks. A number of companies have updated their privacy policies and terms of use to comply with the ground-breaking EU directive. You may also have noticed the number of notifications about these changes arriving in your email inbox.

The GDPR covers the privacy rights of EU citizens and directs organizations and businesses on what they may do with the data they collect from EU citizens, and on the limits of that use.

Social media sites and communication sites were the first to follow these directives, as were sites that collect sensitive information from users (e.g. online banking sites, video-streaming applications, e-commerce platforms, etc.). While these industries differ vastly from the finance and accounting industry, the GDPR still affects the day-to-day tasks of accounting professionals, especially those who deal with financial data security and information management.

Here are the things that accounting professionals should know about the GDPR.

What is the GDPR?

The GDPR is the EU’s data privacy protection mechanism that entered into force on 25 May 2018. It was designed to harmonize data privacy laws across Europe, protect the rights of EU citizens to data privacy, and provide organisations with limitations and guidelines on how they should handle the information that they collect from EU citizens.


Application of the GDPR

The GDPR protects the personal data and information of EU citizens. The Regulation is extraterritorial in applicability: it covers personal data collected from EU citizens regardless of where the data will be processed and whether or not the data processor is established in the EU. Non-EU businesses processing the data of EU citizens will need to appoint a representative in the EU.

Non-compliance can result in a fine of €20 million or 4% of the annual global turnover of an organization, whichever is higher, for grave infringements. There is also a tiered approach for less serious infringements. It is important to keep in mind that the regulation applies to both data controllers and data processors.


Data Rights under the GDPR

The EU’s GDPR introduced a number of privacy rights for its citizens. These include, but are not limited to, the following:

  • Breach notification
  • Right to Access
  • Right to be forgotten
  • Data portability
  • Privacy by design
  • Data protection officers

For more information on the data and privacy rights under the GDPR, visit the EU’s official GDPR site.


The GDPR and the Role of Accountants

Accountants should be concerned about the scope and the implementation of the GDPR. Finance and accounting tasks normally involve processing data based on information collected from individuals and organizations, and these pieces of information are protected by the directives under the GDPR.

A common misconception about the GDPR is that it only applies to information that is processed digitally. It is important to note that the Directive also applies to information on paper, even when it is processed manually, if it forms part of what the EU considers a ‘relevant filing system’.

To ensure that the GDPR is complied with, accountants, data controllers, and data processors should be able to prove that the individual has freely granted them consent to capture and process their data. Companies also have the responsibility to be clear and specific about why the information is being captured and how it will be handled. Furthermore, the GDPR also provides individuals with the right to withdraw the information that they have provided or to stop further processing of that information. Companies should comply with such requests under the rules set by the Directive.


Accountants in the UK: GDPR and the Brexit

The negotiations for the United Kingdom’s exit from the European Union are currently ongoing. The UK will continue to be a part of the Union until at least 2019. This means that UK citizens will continue to be protected by the GDPR until the UK officially exits the EU. However, the UK has already stated that it will retain its ‘world-class data protection’ after it formally exits the European Union.

The GDPR introduced new measures and expands on those currently in place to protect the data privacy rights of EU citizens. As the GDPR takes effect, accounting firms and accounting practitioners should review their current processes and ensure that they are compliant with the GDPR. Should you need an extra hand in managing your finance and accounting tasks while you update your processes for the GDPR, contact us right away for a free consultation. We also encourage you to download our ‘Finance and Accounting Solutions for UK CFOs’ content offer to learn more about our scalable and customizable solutions for UK CFOs.
