What next after GDPR?

Delivered from the buzzing walkways of Accountex, AccountingWEB’s latest compliance podcast for accountants, sponsored by Thomson Reuters, features employment law expert Annabel Kaye and practice owner Matt Portt. Together, they offer their perspectives on what the GDPR regulation means to accountants post-25 May.

Never before have we as individuals seen such a flurry of emails in our inboxes, something which Annabel suggests was not the intended interpretation of the law after all. Although many accountancy firms will have completed the necessary tasks prior to 25 May, the law expert suggests it’s important to ‘keep an eye on what’s happening, because the ink’s fairly dry’. As Annabel reiterates, GDPR is a process that cannot simply be marked as complete at a point in time:

“It’s a way of being secure about data, so you can never really say the jobs done. You’re going to have to look at: have we changed the way we’re working? Is there a new risk? Is there something different we need to do? I certainly recommend a 6 month review when this beds in, and then annually. At anytime you implement new software or new systems, you’ve got to have in your mind – is this system secure?’”

Matt Portt represents accountancy practice owners and reflects on his preparation ahead of the new regulation: ‘it’s been a challenge; the client education has been difficult, but we started a long time ago’. He highlights the scope of the project reaches far beyond that of Portt & Co’s use of individual’s data:

“We’ve had to ensure that our sub-contractors (so the tech companies that we provide the data to) are compliant – we’ve had to react to that a little bit to a certain extent”.

But what will GDPR mean to accountants as we move beyond the 25 May? There may not be a crystal ball for how it will affect the industry, but Annabel suggests that ignorance and non-compliance will lead to investigation, if enough people report you to the ICO as a ‘spammer’. Perhaps the most important suggestion she has for accountants is to ensure laptop encryption, which is a relatively simple way to negate any consequences and potential embarrassment to a firm.

Matt ends with his advice to be thorough when it comes to using new suppliers – especially if those suppliers hold data outside the UK.

Listen to the full conversation live from the event by clicking the arrow below:

Coming soon – part two of this podcast! Hear Tom Herbert from AccountingWEB and our GDPR-expert Ian Cooper discuss the impact of GDPR on accounting firms.

Want to receive automatic email alerts for new podcasts? Subscribe to the On Compliance podcast.