5 things to take care of for the GDPR, and how to communicate them to your clients
Come May 25 2018, the General Data Protection Regulation (GDPR) applies across multiple markets and sectors, irrespective of where you carry out your business. If your work involves the personal data of individuals in any way, your business needs to comply with the GDPR.
Accountants are generally regarded as a highly trusted source of strategic advice, so it is imperative to implement the GDPR in your business processes so that you can advise your clients on their data security concerns.
1. Understand the personal data that is being shared with you
Understanding the personal data that your clients share with you, and highlighting it, will make your life easier. For example, if you receive credit card information, SSNs, etc. from your clients, highlight that information, as the GDPR will also help you understand that this is critical information.
Psychologically, this also helps you begin working towards following the GDPR guidelines. As the saying goes, “Well begun is half the work done”.
2. Build a framework for securing that information
A GDPR framework is important because it lets your practice show clients that it follows a set of protocols designed to prevent breaches of their personal data. The framework should include an impact and risk analysis of the data shared by your clients.
The framework also lets you create a flow chart of how your clients' personal data moves through your practice. While carrying out the risk analysis, look for the loopholes in the system through which data could leak. Mark them red and work out the solution that turns each red into a green, mitigating the risk of data leakage.
3. Appointment of a DPO
Although the appointment of a DPO is mandatory, accountancy practices should encourage their DPO to gain a full understanding of the GDPR and of the security concerns relating to your business. The DPO should also be the point of contact for clients who want to know the security structure of your practice. The DPO should report to senior management so that your practice's strategies remain aligned with data security going forward.
It is the DPO's responsibility to highlight all security concerns and the risk mitigation strategies and policies your practice has adopted. This instils trust in your clients and potential clients, adding to the brand value of your practice.
4. Organise GDPR training in your practice
Regular training is healthy for any company, and that includes keeping your employees well versed in the basics of the GDPR. Your employees are your core assets, and they are the ones who handle your clients' personal data. Providing and creating the framework is one part of the data security game, but keeping your employees up to date on the significance of this critical regulation will also ease your worries about data security.
5. Carry out due diligence on your outsourcing vendor
The environment for outsourcing back-office accounting and tax work has changed, but outsourcing is still regarded as the best option from the viewpoint of the economic value chain.
That said, you should first carry out due diligence on your vendor's GDPR framework. It is highly important that you review their process for handling personal data and their data flow map, as they will be the ones processing personal data on your behalf.
Creating a checklist of the GDPR measures your vendor should take will help you understand their capability to handle your clients' personal data.
As an accounting firm serving international and domestic clients, we have been serving accountancy firms and various multinational enterprises as our clients in the UK, with head offices based in Germany, the United States of America, the Netherlands, Russia, Italy, Norway, Canada, Taiwan, Singapore, Australia, India and France, and we have a no-nonsense policy in terms of data security. Our latest and modern infrastructure, both in terms of hardware and technology, gives peace of mind to our international clients spread across the continents.
We are fully committed to protecting our clients’ data, and it stands as a testament to our zero-tolerance approach to data security that we can safely say that, ever since we started serving our accountancy firm clients and other international clients, not a single instance of our clients’ data being compromised or leaked has been registered.
In fact, in India the Right to Privacy is considered a Fundamental Right. Thus, in essence, Indian companies do not see the GDPR just as a business compliance requirement but also as a fundamental right of every citizen, where he/she has a right to data privacy.