What Accountants Need to Know About GDPR

With the advent of new privacy regulations, it is more important than ever that accounting firms manage, secure and re-think their clients’ data. The recent passage of the General Data Protection Act (GDPR) puts new regulations in place that will affect many aspects of an accountancy firm’s business. Any such firm with business in the EU will be affected by GDPR. 

While there are several file-sharing sites available, there are few that can truly provide a robust GDPR compliance roadmap for accounting firms. TaxDome has been designed to be an accounting firm’s GDPR compliance solution for firms of all sizes. 

Here, we will take a look at what accounting firms need to know about GDPR compliance. 

GDPR and Accountants: Software Considerations

Just about all accounting firms use some form of software to manage client information. Therefore, rather than simply assuming that their software platform meets the new GDPR requirements, accountants must review their software to ensure that it is GDPR compliant. Accounting professionals should use the following checklist to see if their software and file sharing are compliant with GDPR regulations:

• What are the technical specifications of the platform?
• How is the data separated?
• What type of encryption techniques are used to secure the transmission of data?
• What is the total security protocol of the software, including data transmission to mobile devices?
• What is the data disablement procedure?
• What type of outsourcing or subcontracting does the software service use?
• How is the data backed up?
• What is the data recovery procedure? 

The right GDPR software for accountants, such as TaxDome, will provide solutions that satisfy the entire checklist.

What Features Make File Sharing Tools Fit for Sharing in the New GDPR World?

GDPR compliance for accountants starts with understanding the features of any file-sharing tools used in the office. Here is a look at three of the most important features which should be considered: 

Security first

All accounting software platforms need to make it easy to secure e-signatures and e-approval from clients. With the advent of GDPR compliance regulations, this needs to be done securely. TaxDome uses 11 layers of security to ensure that all storage and transmission of client information is protected. For instance, TaxDome utilizes SSL certificates with 256-bit encryption to protect client data. Other protections include daily data backup through the Amazon AWS cloud and the securing of all credit card details through Stripe and CPACharge. 

Secure document & data exchange

While data protection is important, making the e-signature and e-approval process easy for clients is a must for any accounting business. E-signing inside TaxDome is not only secure but it is also IRS compliant, which allows accounting firms to easily and securely send and receive information from all types of clients. Best of all, TaxDome can accomplish all of these tasks within GDPR compliance regulations. 

Ability to comply with data requests

A client can request information concerning their account at any time; GDPR regulations mean that accounting firms will need to provide this information immediately. With TaxDome, the required information can be retrieved easily and sent to the client securely. TaxDome allows you to share client information by simply providing a link. You can not only share easily but also manage individual access. In addition, you can share data securely via the built-in messenger rather than using outside messaging platforms such as Whatsapp. 

How Will the Impact of GDPR Affect Accountants?

At the very least, accounting firms will need to update their systems to make sure that their client information complies with GDPR regulations. To create the ideal GDPR roadmap to compliance, you will need to make sure that you have a software platform that is already designed for the new GDPR world. 

TaxDome has been designed to make it easy for any type of accounting firm to become GDPR compliant. From recording the exact details of customer consent to updating terms and agreements, TaxDome makes the process seamless. 

10 Key Facts Accountants Should Know About GDPR

Any firm that works with European clients needs GDPR. Therefore, it is important to know more about GDPR to ensure that your firm is compliant with European rules and regulations. 

1. Accountants needed to comply with GDPR by May 28, 2018

All accountants doing business in the European Union have needed to comply with GDPR regulations since May 2018. Even if your firm is based in the United States or somewhere outside the EU, you still need to be compliant with GDPR if one of your clients is located in the EU. Even if you don’t currently have any clients located in the EU, there could be a time in the future when you expand your accounting business to other territories. To ensure compliance, make sure that your accountancy practice has built a GDPR compliance roadmap. 

2. GDPR compliance is your firm’s responsibility

As the data controller and the data protector of your client information, it is your firm’s responsibility to be GDPR compliant. That means your firm has to take all the necessary steps to ensure that your client information is kept private from any unauthorized third party. Additionally, you will be responsible for any breaches or leaks in such client data in your firm’s possession. 

3. You need to know your data’s supply chain

You need to know everything about your client data in its supply chain. For instance, you need to know where your client data is backed up. With TaxDome, your client data is backed up by the Amazon web cloud service and all data within the cloud is stored in your country. For instance, if your firm is based in Belgium, then your data will be stored on an Amazon web cloud in Belgium. TaxDome also makes it easy to account for all your client data; this helps to relieve you of much of the heavy lifting. 

4. Certain data breaches must be reported to the Information Commissioner’s Office (ICO) within 72 hours. 

If there is a hack or a data breach, then your firm is obliged to report the incident to the Information Commissioner’s Office (ICO) within 72 hours of the incident. With TaxDome, all information is protected by multiple layers of security, thus greatly reducing the chances of any data being compromised. 

5. Privacy Impact Assessments become compulsory under certain circumstances

Your firm needs to understand and review how its client data is requested and stored, therefore, it is a good idea to examine all the areas through which your client information passes. For instance, you will have to assess your email portal, data storage, data backup, etc. This is especially important when it comes to sensitive information such as client tax forms. 

6. Your client consent to providing data must be freely given

You will need to provide clear information as to how your client data is processed. They will need to understand where their information is stored and where it is backed up. This is why it is important to review every area that affects client information. With TaxDome, you have an all-in-one solution when it comes to the handling of client information. This makes assessing your client data much easier. 

7. Offering generic opt-ins for passing on data to third parties no longer counts as being fully informed

In the past, accounting firms were able to use generic opt-in boxes for sending client information to third parties. With the new GDPR regulations, this is no longer the case. Today, accounting firms should have an opt-in option at the end of each correspondence. This will give your firm clear permission that a specific piece of information can be sent to a third party. 

8. Clients may have the right “to be forgotten”

There are some cases where your client may request “to be forgotten” and have all their information erased. However, accounting firms are required to hold on to personal tax returns for seven years. 

9. Your clients may have the right to opt-out of certain types of processes and marketing 

Clients in the European Union tend to seek a higher level of privacy. Therefore, you will have to give your EU clients the right to opt out of certain types of processes and marketing correspondence. All steps should be taken to ensure that your clients are removed from correspondence lists if they make an opt-out request. 

10. Businesses in possession of data must also notify other known holders of the data that consent has been withdrawn and the data should be erased

If you happen to pass on client data to a third party – and that client has requested that their information be removed – then your firm needs to pass on that request to all third parties. With GDPR regulations, your firm is responsible for all information that is sent to you, and that includes information sent to third parties. 

Frequently Asked Questions

You may have more queries about GDPR accounting compliance. Here are the answers to some of the most frequently asked questions:

How does GDPR affect client email lists and prospect data? 

The chances are that your accounting firm will engage in certain forms of marketing, including lead generation and email collection. All information that is collected from marketing campaigns falls under the GDPR compliance regulations. For instance, you cannot send this data to a third party without opt-in consent from the lead. 

What are the cost considerations for GDPR compliance?

As your firm works to become GDPR compliant, you may be wondering about the potential costs that come with such changes. Some of the typical costs that you might encounter include the migration of manual data collection and record-keeping to a software solution. TaxDome is an efficient all-in-one solution that allows accounting firms to accelerate the process of making their data collection and data storage procedures GDPR compliant. 

How can an accounting firm be reported for GDPR violations?

There are several ways that accounting firms can be reported for GDPR violations. For instance, an accounting firm that sends unsolicited communications to a potential lead in the European Union can be reported. 

Can clients audit accounting firms under GDPR? 

Under current GDPR regulations, clients can audit third parties to assess how their data is being managed and stored. This is why accounting firms need to understand the supply chain of their client information. With TaxDome, all the client information is handled by a secure accounting platform that tracks all client information including communications, storage and backup. 

What next steps should accounting firms take to ensure GDPR compliance?

The best course of action is to create a GDPR compliance roadmap to ensure there are no gaps in your firm’s tracking of client information. Start by accessing the supply chain of client information from communication to storage to backup. From there, migrate your client information to a secure all-in-one accounting platform. TaxDome makes it easy to simply and securely manage all client information. 

Getting a Head Start on GDPR Compliance

GDPR is an important piece of privacy legislation that must be followed by any accounting firm doing business in the European Union. Therefore, accounting firms must choose a software platform that will bring them up to speed smoothly.