5 things to take care of for the GDPR and communicate to your clients
From 25 May 2018, the General Data Protection Regulation (GDPR) applies across markets and sectors, irrespective of where your business is established: it covers the processing of personal data of individuals in the EU. If your work involves such personal data, your business needs to comply with the GDPR.
It is crucial to build the GDPR into your business processes, not least because accountants are typically seen as a reliable source of strategic advice. Compliance in your own practice puts you in a position to counsel your clients on the need for data security.
1. Comprehend personal data shared with you
Understanding the personal data that your clients share with you, and flagging it as you receive it, makes the rest of the work easier. For example, if clients send you credit card numbers, SSNs or similar identifiers, marking that information as sensitive makes clear which records need the strongest protection.
Doing this at the start also sets the tone for handling the data under the GDPR throughout the engagement, in the spirit of the saying "Well begun is half done".
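As an added example (not part of the original article or the firm's own tooling), the following Python scanner shows one way to flag the two identifiers named above in an inbound client document: it looks for candidate card numbers and US SSNs, prunes the candidates with the Luhn checksum and the SSA's structural rules so that invoice references and similar digit runs are not flagged, and returns masked findings that can be highlighted for the reviewer. The sample text is constructed for the example; the Finding class, the scan and highlight functions and the number 4111 1111 1111 1111 (a standard Luhn-valid test value, not a real card) are assumptions of this example.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    kind: str    # "credit_card" or "ssn"
    start: int   # offset of the match in the scanned text
    end: int
    masked: str  # all but the last four digits replaced with '*'


# Candidate patterns. Both are deliberately loose (13-19 digits with optional
# space/hyphen separators; 3-2-4 digit groups); the validators below prune them.
# Note the separator allowance means two digit groups joined only by a space can
# be swallowed into one candidate; in practice text between fields breaks the run.
_CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
_SSN_RE = re.compile(r"(?<!\d)(\d{3})-(\d{2})-(\d{4})(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers; rejects typos and random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def ssn_plausible(area: str, group: str, serial: str) -> bool:
    """Structural rules for US SSNs: no all-zero field, area never 666 or 9xx."""
    if area == "000" or group == "00" or serial == "0000":
        return False
    if area == "666" or area.startswith("9"):
        return False
    return True


def mask(digits: str) -> str:
    return "*" * (len(digits) - 4) + digits[-4:]


def scan(text: str) -> list[Finding]:
    """Return validated card and SSN findings, ordered by position in the text."""
    findings: list[Finding] = []
    for m in _CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            findings.append(Finding("credit_card", m.start(), m.end(), mask(digits)))
    for m in _SSN_RE.finditer(text):
        if ssn_plausible(*m.groups()):
            findings.append(Finding("ssn", m.start(), m.end(), mask("".join(m.groups()))))
    return sorted(findings, key=lambda f: f.start)


def highlight(text: str, findings: list[Finding]) -> str:
    """Replace each (non-overlapping) finding with a [KIND:masked] marker."""
    out, pos = [], 0
    for f in findings:
        out.append(text[pos:f.start])
        out.append(f"[{f.kind.upper()}:{f.masked}]")
        pos = f.end
    out.append(text[pos:])
    return "".join(out)


# Constructed sample text, not real client data. The invoice reference is a
# 14-digit run that fails Luhn, and 000-12-3456 violates the SSN area rule.
SAMPLE = (
    "Client: Jane Doe. Card on file 4111 1111 1111 1111, "
    "SSN 123-45-6789. Invoice ref 2018-05-25-000123. "
    "Test SSN 000-12-3456 should be ignored."
)

if __name__ == "__main__":
    found = scan(SAMPLE)
    for f in found:
        print(f.kind, f.masked, f.start, f.end)
    print(highlight(SAMPLE, found))
```

The checksum and structural validators are what make this usable on real documents: a bare regex for "13 to 19 digits" would flag every long invoice or bank reference, and reviewers quickly learn to ignore a tool that cries wolf. Masking the value in the finding keeps the sensitive number out of logs and review tickets while still letting staff confirm which record was meant.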
2. Framework for securing information
A data protection framework is crucial because it enables your firm to tell clients about the internal procedures you use to protect their personal data. The framework should include an impact and risk analysis of the data that clients share with you.
It should also include a data flow map: a chart of how client personal data moves through your practice, from receipt through storage and processing to deletion. When performing the risk analysis, look at each step for any weakness that could allow data to leak. Mark each one red and work out the control that turns it green, which is what mitigates the risk of data leakage.
3. Appointment of DPO
Appointing a DPO is mandatory only in the cases the GDPR specifies (for example where the core activities involve large-scale processing of special categories of data), but accountancy practices should appoint one regardless and ensure the DPO has a full understanding of the GDPR and of the security concerns specific to your business. The DPO also serves as a point of contact for clients who want to learn about the security measures in place at your office. To ensure that your practice's strategy moving forward stays in line with data security, the DPO should report directly to senior management.
It is the responsibility of the DPO to highlight all security concerns and the risk mitigation strategies and policies your practice has adopted. This instils trust in current and potential clients and strengthens the brand value of your practice.
4. Schedule GDPR training sessions
Regular training is healthy for any company, and that includes keeping your employees well versed in the basics of the GDPR. Your employees are the ones who actually handle your clients' personal data, so they are your most important asset in protecting it. Creating the framework is one part of data security; keeping employees up to date on this critical regulation is the other, and it will ease your worries about data security.
5. Due diligence on outsourcing vendor
When outsourcing your back-office accounting and tax work, remember that your vendor becomes a link in the chain that handles your clients' data: under the GDPR it acts as a processor on your behalf, and you remain accountable for how that data is handled.
Hence, you should first carry out due diligence on your vendor's GDPR framework. It is of high importance that you review their process for handling personal data and their data flow map, as they will be performing personal data processing on your behalf, and that the engagement is covered by a written contract setting out their data protection obligations.
Creating a checklist of the GDPR measures your vendor should have in place helps you judge their capability to process your clients' personal data.
We have a strict policy regarding data security because we are an accounting firm that serves both domestic and international clients. Our clients include accountancy firms and various multinational corporations headquartered in Germany, the United States of America, the Netherlands, Russia, Italy, Norway, Canada, Taiwan, Singapore, Australia, India, and France. Our multinational clientele, located across continents, feels at ease thanks to our cutting-edge infrastructure, in terms of both hardware and technology.
We are fully committed to protecting clients' data, and as a testament to our zero tolerance for data security lapses, we can safely say that since we started serving accountancy firms and other international clients, not a single instance of client data compromise or leakage has been registered.
In fact, in India the Right to Privacy is considered a Fundamental Right. Thus, in essence, Indian companies do not see the GDPR just as business compliance but also as upholding the fundamental right of every citizen to data privacy.