Data security and IT approval feature high on the list of tech priorities. Given the level and depth of legislation such as General Data Protection Regulation (GDPR), it’s no wonder that tax teams are seeking to take the initiative when it comes to controlling how their data is managed”- Steven Smith, Director of Product Management – Europe.
Close to 40% of respondents to the 2018 Tax Technology Survey highlighted the key criteria when looking to invest in new tax technology is its ability to “Meet high data security standards and/or is approved by our Information Security & Technology group”, making it the single biggest evaluation point.
With GDPR taking effect from 25th May 2018 perhaps it is no surprise, however the details of the findings also help to cast light on the wider issue of data security and the need to drive improvements to processes within the tax department at large.
Data security and the tax department
From a corporate perspective, holding and handling commercially sensitive tax data has always brought risk, however some of the specific requirements of GDPR seem particularly relevant, whereby:
- Organisations will have to take steps to demonstrate they know what data they hold, where it is stored, and who it is shared with, by creating and maintaining an inventory of data processing activities.
- Significant data breaches will now have to be reported to regulators and in some circumstances also to the individuals impacted.
- The focus is on organizations having a more proactive, comprehensive view of their data and being able to demonstrate they are compliant with the GDPR requirements.
The impact on a department already under pressure to stay on top of jurisdictional regulations cannot be underestimated, which is perhaps why it is no surprise that it features so prominently in the list of selection priorities.
But beyond GDPR, what is driving these concerns?
Critical factors impacting the security of tax data
From the detail underpinning the survey, and data from subsequent webinars, there are some key factors that combine to bring the concerns around data security into sharp relief:
- Gathering data – How data is collated varies between organisations; the quality and accessibility of documented policies also varying significantly. Without a seamless flow there is an increased vulnerability to tampering, unauthorised access, or for it to be incomplete.
- Storing data – Specifically version control – creating multiple copies of data and staying on top of which is the most relevant generates opportunities for important files to go astray. Storing data on local drives can also mean limited backups occur.
- Using data – Bringing the use of Excel and manual processing to the top of the agenda – In particular miskeying, formula errors, and the added complication of it also not being acceptable for filing under MTD for VAT from April 2019, without the careful use of bridging software as a minimum.
At the very heart seems to be the legitimate concern that there are too many hands, and silos, for data to pass through, meaning that it is too hard to look through the entire tax data supply chain and have a high confidence in security.
More than just a compliance issue
Over and above the need to provide assurance for GDPR, and processes for MTD for VAT, there is risk at a corporate level for external reputation.
Data security lapses in major corporates have been interpreted highly negatively, and have caused huge impact on both reputation and share price. The main interpretation being that it reflects poor systems, weak or bad processes, or providing insight into confidential tax affairs that can lead to questions around transparency. None of which make for particularly comfortable reading.
Questions around security and compliance are ultimately about managing risk, however it shouldn’t be about driving fear, but rather better practice and broader benefits.
Tackling security, impacts positively on process
The survey reveals just how critical tax technology is becoming, with 89% claiming that it is now strategic to the success of their department.
If creating a reliable and auditable process for handling data security compliance is a motivator, the wider positive impact on other challenges identified in the research such as Keeping up with new regulations and processes (46%), Managing compliance across multiple jurisdictions (44%), and Need for increased efficiency -internal processes and workflow (35%), should also follow.
Not only would it seem to tie up many of the loose ends around the security of manual processes and data silos, but generating alignment with the digital agendas of tax authorities, and increased reporting requirements.