What is GDPR and how can accountants prepare?

Understanding the new EU data privacy GDPR regulation and requirements

The EU General Data Protection Regulation or GDPR commences on 25 May 2018 and is the biggest change to UK data laws since the Data Protection Act came into force in 1998.

GDPR imposes new requirements on the collection, use and storage of personal data and formalises the processes around data governance. Any company that stores information on European individuals is required to comply.

Frequently asked questions about GDPR

What is GDPR?
Which organisations are affected by the GDPR requirements?
How can accountants comply with GDPR regulation?
What should accountants do in relation to personal data?
What is classified as personal data under GDPR?
What are the risks associated with sharing personal data with clients and employees?
How can Thomson Reuters solutions help accountants share personal data securely?
How can Thomson Reuters solutions help accountants comply with GDPR?
Is cloud software secure enough for accountants to comply with GDPR?
What is Thomson Reuters doing to prepare for GDPR?

What is GDPR?

GDPR is a new law implemented by the European Union (EU) in the 28 EU countries plus Iceland, Liechtenstein and Norway and will strengthen data protection for individuals within the EU. Organisations, including accountants, will be even more responsible for “processing” the individual’s data.

Although the EU has had data protection laws in place for a long time, GDPR is more stringent and makes businesses more accountable for data protection with severe potential fines of up to 4% of global revenue for non-compliance.

Which organisations are affected by the GDPR requirements?

The GDPR requirements apply to processing carried out by organisations operating within the EU. It also applies to organisations outside the EU that offer goods or services to individuals in the EU.

How can accountants comply with GDPR regulation?

GDPR represents a paradigm shift in privacy requirements governing how all EU organisations, including accountancy practices, respect and protect personal data. GDPR regulation imposes significant new requirements and requires a thorough review of processes for managing and processing personal data.

What should accountants do in relation to personal data?

Under GDPR, accountants should identify what personal data they store, its origin, who has access, where it is stored and who it is shared with.

What is classified as personal data under GDPR?

Personal data includes, but is not limited to, any information relating to an identified natural person, for example, name, email address, online identifiers, location, and phone number.

What are the risks associated with sharing personal data with clients and employees?

The risk associated with personal data can be at its highest when data is ‘in transit’ – when files or documents are being sent internally within a firm or exchanged externally with your clients.

Reducing the risks associated with sending and receiving documents containing personal data is of the utmost importance. Key questions you could ask yourself include: what personal data do you store, what was its origin, where is it stored and who is it shared with?

How can Thomson Reuters solutions help accountants share personal data securely?

Thomson Reuters provides a cloud-based portal and document management systems specifically designed to make document sharing and transfer easy and secure. Client portals can be used for two-way collaboration for requesting and sharing essential documents and files. You do not have to create copies of files or ask your clients to email you spreadsheets containing sensitive data, which can introduce serious security risks. All work can be completed in a secure online environment and every document is encrypted.

How can Thomson Reuters solutions help accountants comply with GDPR?

Alongside your firm’s new GDPR compliant processes and controls, Digita and Onvio can be useful tools in helping you manage and process personal data. These solutions can help you manage and protect personal data and can assist accountancy practices with GDPR compliance in three key areas: managing and protecting sensitive client data, sharing personal data with your clients and employees, and security in the cloud. It is important to stress that they are only tools and firms must make sure they have processes in place to manage any personal data used by Digita and Onvio.

Is cloud software secure enough for accountants to comply with GDPR?

In the new world of GDPR, liability for data breaches continues to be a fundamental concern. If you are using hosted or cloud-based systems, it’s important to make sure that your solution providers have appropriate GDPR compliant processes in place. They must have strong security systems and data protection policies for customers’ data. Thousands of Thomson Reuters customers across the globe use our hosted and cloud solutions, and we scan and monitor the environment for known vulnerabilities and anomalous behaviour.

What is Thomson Reuters doing to prepare for GDPR?

Thomson Reuters is committed to protecting personal data as required by applicable privacy legislation including the GDPR. Our commitment is supported by a core team of privacy experts, employee data privacy and information security training and our privacy compliance program which is led by our Privacy Office.

The information and opinions contained on this webpage are not intended to be a comprehensive study or to constitute specific legal advice, and should not be relied on or treated as a substitute for specific advice concerning individual situations. Always consult a suitably qualified lawyer on any specific problem or matter.