How Will GDPR Impact Cloud Based Accounting?
On 25th May 2018 the new General Data Protection Regulations came into place, with the aim of uniting data and privacy regulations across Europe. This new data protection policy puts customers/individuals in control of their personal data that organisations are collecting and storing. Only 7% of organisations will be in complete adherence to GDPR by 25th May 2018 and 60% of businesses will not be fully compliant by this date (AlienVault and Cyber Security Insiders). It is important to remember that 25th May 2018 isn’t a deadline for 100% compliance – businesses just need to show they’re putting procedures in place in their journey towards becoming GDPR compliant.
What will GDPR Impact?
From Friday 25th May 2018 the new General Data Protection Regulations will impose uncompromising legalities on how every individual business collects, stores and uses consumer data. Moving forward, a company will need evidence of explicit consent for the data they’re collecting, and users (the consumer) has the right to request and get full deletion of their data. Any first-time data requests must be funded by the data collecting entity (the business). Hundreds of businesses and industries across Europe will be impacted by this, as new procedures will have to be put in place to ensure that there’s clear consent and security regarding the personal data they collect.
GDPR will also impact non-EU businesses who are conducting business with any EU citizens. As they will be handling personal data from EU nationals, they will have to follow EU procedures. Companies who are found to violate GDPR are at risk of receiving fines of up to €20 million, or 4% of their annual turn over.
The UK will still follow GDPR after it’s exit from the EU.
As GDPR is an EU regulation, the UK will still have to comply while they’re still a member of the EU – this will not change after Brexit. The UK have stated that they will remain GDPR compliant after leaving the EU.
How will GDPR Impact the Accounting Industry?
GDPR is going to affect the accounting industry as it will directly impact any professional accountants that store, collect or process the personal data of their employees or clients. This means that accountants will have to get explicit and lawful consent from their clients when it comes to storing their data. Accountants also need to ensure this data is secured, all whilst adhering to the user’s data rights. Obviously, accountants will need specific pieces of personal data to do their job – you should make it clear that you require and will be storing this data in order to complete the service you’re being paid for.
It is also important to understand that our clients and employees have a right to opt out of any form of automated evaluation, such as credit scoring.
GDPR and Accounting Software
Online Accounting is on the rise, as accounting software makes it easier for small businesses to keep on top of their accounts, with the support from a professional accountant. What makes accounting software so helpful to businesses is that it can be accessed anytime, anywhere – but in the eyes of GDPR, is this safe? Below, we’ve outlined how the accounting software 3 Wise Bears use, Xero are doing all they can to keep your data safe, and remain GDPR compliant.
What is Xero Accounting Software doing for GDPR?
Xero is an accounting software firm based in New Zealand. In 2017, Xero surpassed 1 million subscribers, which means a lot of people all over the world are using Xero accounting software and bookkeeping services. So, if Xero doesn’t do anything to become GDPR compliant, they’re at risk of a hefty fine, numerous data breaches and losing customers. Here’s what Xero are doing:
- In order to identify any weak spots within their system, they undertook a comprehensive GDPR audit and gap assessment. Once the gap assessment was complete, they then created an internal roadmap so that they can work towards becoming GDPR compliant before May 25th.
- Their product and security team then made the required changes/improvements/patches to our product and are working to implement those
- A personal data flow analysis was undertaken to see the exact data funnel – they are in the process of finalising the data maps.
- They have communicated with their key third-party vendors to ensure they have the appropriate contractual protections in place to meet GDPR requirements.
- They’re tightening and refining procedures to deal with key data subject rights such as access requests and the right to request deletion.
- They’ve produced a GDPR compliant Data Processing Addendum and updated their privacy notice to be GDPR compliant.
- Their incident response procedures have been updated and are line with GDPR.
- Company-wide data protection training module for all Xero personnel has been integrated.
- A data protection impact assessment procedure has been integrated into their system and product development.
Will GDPR impact Cloud Based Accounting?
GDPR will impact Cloud Based Accounting, but if businesses are following the rules and doing all they can to comply, it will positively impact the company (in theory), as procedures will be put in place to protect the data they have, and they won’t have any unnecessary data on their system. It seems like we’re stating the obvious here, but cloud-based accounting firms who are not even trying to adhere to GDPR regulations are at risk of being negatively impacted, in terms of violating data protection laws and risking data breaches.
Aside from the millions of ‘opt-in’ and ‘we’re changing our privacy policy’ emails clogging up your inbox, from a client point of view, nothing process-wise should change. All it means is that you can access your data, get it deleted and have a transparent understanding of where what data is being collected, how it is being used, how long it is stored for and where it is.
