In this extract from a new and informative guide ‘Preparing Your Practice For GDPR’ brought to you by MyFirmsApp, the worldwide number one provider of intelligent Apps to professional firms in 11 countries, we look at what GDPR means to your practice and the close links between GDPR and Making Tax Digital.
The EU General Data Protection Regulation (GDPR) comes into force on May 25th 2018 and replaces the 1995 Data Protection Directive. It is directly applicable in all EU member states and will apply in the UK despite Brexit. It will affect all businesses that process (i.e. collect, record, use or disclose) data relating to an identified or identifiable natural person (“personal data”) and is an attempt to harmonise data protection laws. While many key principles and concepts remain the same, there are several new prescriptive requirements, and those found to be non-compliant could face fines of up to 20m euros or 4% of annual turnover.
The new requirement for transparency means firms need to be open about how they process personal data. Privacy notices must be shared with all individuals whose personal data you process and, in essence, should tell those individuals what information you hold on them, how you use it and who you share it with. The most prominent new requirement is that privacy notices must detail the legal bases of processing (e.g. consent, necessary for performance of a contract, legitimate interests). For most firms, this will mean that existing privacy notices will need to be reviewed and updated, and the information in them must be concise, transparent, intelligible and easily accessible.
Here are some examples of personal data typically held by accountants:
HR data (current/former staff, applicants, dependants):
Client data
Business data (suppliers, agents, contractors):
For those practices that hold children’s personal data, special care is needed, as GDPR requires parental consent for processing children’s personal data. Controllers should obtain the consent of a parent or guardian when processing the personal data of a child under the age of 16 and they also must make “reasonable efforts” to verify that a parent or guardian has provided the appropriate consent.
With GDPR, additional mandatory clauses in supplier contracts are needed and terms are much more detailed. All existing contracts will need to be reviewed, prioritised and amended to ensure all elements are present and any contracts in place on the 25th May 2018 will need to meet the GDPR requirements. A possible solution would be to send an addendum to existing suppliers and for new suppliers, review template contracts to ensure GDPR requirements are included.
GDPR builds on and adds further detail to existing Data Protection Principles and the law requires firms:
What have GDPR and Making Tax Digital got in common? From the accountant’s perspective, it is all about the collection of data in a digital format and how to resolve the complexities of converting huge volumes of records into a format considered acceptable by HMRC.
To thrive in this digital world, we firmly believe that new approaches and new tools are required. That’s why we have developed ‘Collect’, which forms part of the accountant’s own branded App and sits on the client’s Smartphone or tablet. It’s designed for those clients who are non-VAT registered and employ no staff and may find digital record keeping with standard bookkeeping cloud packages a daunting experience. Collect enables them to enter data using the App and is as easy to use as the social media Apps like Facebook.
Data is collected in real time and it is then up to the accountant to review the figures, approve them and, with one click, submit them to HMRC. This is the efficient, GDPR compliant way to manage clients’ MTD affairs.
There is a compelling opportunity for all firms, large and small, to reboot their data protection and privacy processes and turn to digital technology to prepare for GDPR and MTD. An inclusive, compliant App platform that reflects the importance the firm places on privacy will deepen digital trust, make clients feel more secure when they give their personal data to the firm and help enhance the practice’s reputation.
Grab your free copy of our helpful and insightful guide to GDPR helping you become compliant in time for the deadline.