To help you with your GDPR implementation, here are some steps every accountancy firm can take to ensure it is GDPR compliant by 25 May 2018.
What to do now
- Appoint someone internally to take control of understanding the new regulation and how it will affect your practice. Organisations with fewer than 250 employees are not required by law to appoint a data protection officer (DPO), but someone needs to ensure you’re compliant.
- Perform a data audit to understand and formally record:
  - the type of data you hold; and
  - where it is held.
This requirement is quite far-reaching when you think about it – accounting and tax software, audit software, payroll software, practice management systems, network drives, C and D drives and, of course, paper accounting, tax, company secretarial and audit files.
The review will need to extend to the many individual devices on which information is stored – e.g. laptops, desktops, tablets, phones and memory sticks. You can’t put processes in place until you know what you’ve got and where it’s located.
- Think about security processes – physical security and IT backup procedures.
Most good IT support firms and software houses will be ready to guide you through the technical bits. You will need to check contracts with third parties who hold data on your behalf, including software providers and cloud-based services (known in the legislation as data processors). It will be important to understand where they hold the data and to ensure that they are GDPR compliant.
For more practical hints and tips on data protection and to get you started on your preparations for 25 May, please come to one of our series of courses on the ‘General Data Protection Regulation – What Accountants Need to Know’ at the Talbot Hotel, Stillorgan, County Dublin on one of the following dates: