Data Protection – A minefield to be negotiated


The 25 May 2018 deadline for GDPR implementation looms ever closer.

It is vital that all accountants and their clients have at least a basic understanding of the new Data Protection Regulation (GDPR) that will come into effect from 25 May 2018.

Here is another in our continuing series of tips on how bet to implement the new rules.

Right to be forgotten

GDPR introduces a new ‘right to be forgotten’ giving individuals (essentially former clients and employees) the right to request for all their personal data to be deleted.

How does this affect the typical accountancy firm holding data for money laundering identity checks and information held within the firm’s own accounting records?

It has been confirmed that this new right is overridden by statute – i.e. an individual cannot require you to delete information from your due diligence and internal accounting records, when there is an overriding statutory requirement for holding that data.

Although how much personal data you would hold for accounting purposes is questionable. However, if you’re holding information over and above what’s required by law (five years after the client has left the firm, for AML purposes for example) for some other purpose, then you would have to consider the legal basis and the individual’s rights.

For more practical hints and tips on data protection and to get you started on your preparations for 25 May, please come to our course on the ‘General Data Protection Regulation – What Accountants Need to Know’ at the Talbot Hotel, Stillorgan, County Dublin on the following date:

Wednesday 30 May 10am to 1pm

For more information on our other upcoming courses click here