Data Compliance & GDPR for Accountants: What You Need to Know
Discover the importance of GDPR and data compliance, and the steps your firm can take to secure your data today.
‘GDPR’ and ‘data compliance’ are terms that can make your palms sweaty and your knees weak. You’re dealing with so much customer data every day, and you’re doing the right thing: you’re using technology to collect data to improve your business model and value offering.
But now you’re being bombarded with new rules and regulations.
If you’re feeling overwhelmed, let me tell you that you’re not alone.
Bloomberg reported that companies now spend 6-10% of their revenue on compliance costs, and for good reason: Globalscape’s research showed that organisations lose, on average, $4 million (around £3.3 million) in revenue from a single non-compliance event.
So, what is data compliance in action? Can you align it with technology? Can you ensure you’re getting the most out of third-party tools without jeopardising your business?
The secret is moving away from a “can we?” culture around data compliance, where it is treated as a hurdle, and instead treating it as another way to create value.
The importance of being compliant with data regulations
Keeping your clients’ information safe is essential not only as a matter of ethics but also as a matter of legality.
I know it can be tempting to bury your head in the sand when things start getting complicated, but there are severe consequences to non-compliance with data protection legislation. Breaching data regulations could get the authorities on your tail.
Protect your firm
Data protection breaches can cost your firm a lot of money. The EU GDPR has a maximum fine of about £18 million or 4% of annual global turnover for infringements.
Robust data compliance not only covers you from these costly fines but also protects your firm’s reputation. Continuous breaches or misuse of data will have your clients looking elsewhere.
Protect your clients
But why is data compliance important to your clients? Your accounting business works every day to protect your clients’ interests, and data compliance is just another form of this vital work. Losing your clients’ sensitive information can, directly and indirectly, hurt their business, too.
You might be in charge of their finances, but your clients have their clients to protect. Adhering to data regulations guarantees you won’t put your client at risk for compliance issues.
Laws and accounting standards to be aware of
Data compliance makes sense financially. It also helps you build a brand image and offer value.
So, what are the laws and accounting standards you need to follow?
The General Data Protection Regulation (GDPR) is perhaps the most talked-about data regulation of the past decade. It came into force on 25 May 2018.
The key facts you should know about GDPR are that it:
- Applies to all EEA countries and individuals or organisations trading with them
- Applies to personal data, meaning data relating to a living individual who can be identified from that data, alone or combined with any other information in the possession of the data controller
- Sets responsibilities for data processors and data controllers; an accountancy firm is typically both
GDPR compliance boils down to three basic principles you must follow:
- Obtain consent
- Minimise the amount you hold
- Ensure the rights of data subjects
As an accountant, you typically possess two types of personal data: client data and firm data. You have to maintain records of data processing activities, identify and document the lawful basis for each processing activity, and notify the affected parties of any data breach. The regulation also means certain breaches must be reported to the Information Commissioner’s Office (ICO) within 72 hours.
Who is responsible for ensuring compliance with data protection legislation? A data protection officer is required for bigger firms. Even if you are not legally required to appoint one, assigning responsibility for data compliance to a single named person is helpful.
Generally Accepted Accounting Practice or Generally Accepted Accounting Principles (GAAP) describes the applicable rules and accounting practices. These change from country to country, and the ICAEW website comprehensively lists the international practices and standards.
SORP means Statements of Recommended Practice, and the standards are recommendations on financial reporting, auditing practices and actuarial practices for specialised industries. Different industries have a SORP-making body to help with the specifics.
International Financial Reporting Standards (IFRS) are currently used in over 140 jurisdictions. The accounting rules target public companies to make financial statements clear, relevant, reliable and comparable.
Review your compliance
Data compliance shouldn’t be a “review and forget” practice. I recommend you weave the standards and procedures into the fabric of your firm and consider them in everything from client communication to marketing.
Here are some practical steps you can take to improve your data compliance:
CRM and marketing
Check how your CRM and marketing tools process data. If your CRM system integrates with email marketing, you must take extra steps to ensure compliance. Implement an opt-in system that transparently records the permission you have been given for each current or prospective use of the data.
Pixie’s client portal is GDPR-compliant, letting you focus on serving your clients the best way possible.
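The opt-in system described above needs two properties to be defensible: processing is allowed only when a recorded opt-in exists (no record means no permission), and every decision, including withdrawals, stays on file so you can show a client or the ICO exactly what was agreed, when, and through which channel. The following is an added example of such a consent ledger, written for this article; it is not Pixie’s code or any part of their product, and the client identifiers, purposes and timestamps in it are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List, Optional


@dataclass(frozen=True)
class ConsentEvent:
    """One recorded choice by a data subject for one purpose."""
    subject_id: str     # client identifier (constructed, not a real client)
    purpose: str        # e.g. "newsletter", "service_updates"
    granted: bool       # True = opt-in, False = withdrawal
    at: datetime        # when the choice was made (must be timezone-aware)
    source: str         # where it was captured: "web_form", "email_reply", ...


class ConsentLedger:
    """Append-only record of consent decisions.

    The most recent event per (subject, purpose) decides, so a withdrawal
    overrides an earlier opt-in. Nothing is ever deleted: the history is the
    evidence of compliance."""

    def __init__(self) -> None:
        self._events: List[ConsentEvent] = []

    def record(self, subject_id: str, purpose: str, granted: bool,
               source: str, at: Optional[datetime] = None) -> ConsentEvent:
        at = at or datetime.now(timezone.utc)
        if at.tzinfo is None:
            raise ValueError("consent timestamps must be timezone-aware")
        event = ConsentEvent(subject_id, purpose, granted, at, source)
        self._events.append(event)
        return event

    def latest(self, subject_id: str, purpose: str) -> Optional[ConsentEvent]:
        matching = [e for e in self._events
                    if e.subject_id == subject_id and e.purpose == purpose]
        if not matching:
            return None
        # Stable sort: on equal timestamps the later-recorded event wins.
        return sorted(matching, key=lambda e: e.at)[-1]

    def may_process(self, subject_id: str, purpose: str) -> bool:
        """Opt-in semantics: absence of a record is absence of permission."""
        event = self.latest(subject_id, purpose)
        return event is not None and event.granted

    def history(self, subject_id: str) -> List[dict]:
        """Everything recorded for one data subject, oldest first; this is
        what you hand over for a subject access request or an audit."""
        return [dict(purpose=e.purpose, granted=e.granted,
                     at=e.at.isoformat(), source=e.source)
                for e in sorted(self._events, key=lambda e: e.at)
                if e.subject_id == subject_id]


def build_sample_ledger() -> ConsentLedger:
    """Constructed sample data: one client opts in and later withdraws,
    another opts in, a third is never asked."""
    ledger = ConsentLedger()
    t0 = datetime(2024, 1, 10, 9, 0, tzinfo=timezone.utc)
    ledger.record("client-001", "newsletter", True, "web_form", at=t0)
    ledger.record("client-001", "newsletter", False, "email_reply",
                  at=t0.replace(day=20))
    ledger.record("client-002", "newsletter", True, "web_form", at=t0)
    return ledger


def newsletter_recipients(ledger: ConsentLedger, subject_ids: List[str]) -> List[str]:
    """Filter a mailing list down to subjects with a live opt-in."""
    return [s for s in subject_ids if ledger.may_process(s, "newsletter")]


if __name__ == "__main__":
    sample = build_sample_ledger()
    print(newsletter_recipients(sample, ["client-001", "client-002", "client-003"]))
    for entry in sample.history("client-001"):
        print(entry)
```

The design choice worth copying is that the mailing step asks the ledger rather than reading a "subscribed" flag on the client record: the flag can be flipped by any integration that writes to the CRM, whereas the ledger keeps the channel and timestamp of every change, which is what you need when you have to demonstrate the basis for a given email.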
Email and communication
Accounting firms tend to receive many email attachments from invoices to credit notes. You should identify your email and communication methods and the routes these attachments follow.
Use data-sharing portals, such as virtual data rooms (VDRs), to share documents with higher security. VDRs make it easy to manage permissions, and you can quickly identify when documents are viewed and used, and by whom.
Accounting software
Accounting software comes in many shapes and sizes. Technology can help boost your business, but you must be careful about the data compliance issues each tool brings with it.
A comprehensive third-party tool audit can identify how your technologies collect and use data. If you can, it’s always worth checking what data compliance measures your chosen software uses. Using data-compliant software can take a lot off your plate!
Your clients’ data
Current data compliance laws and regulations have made clients’ data security a much bigger priority. Now is the perfect time to look at the data you have and get to the bottom of why you have it in the first place.
Your data audit should identify:
- The different client datasets you have
- The devices where the data is held
- The security of these devices
Creating a clear view of your data will help you ensure data compliance. You can go over your data with the appropriate standards in mind. While data security is not the same as data compliance, it can help to consider these two points simultaneously.
The critical thing to remember is this: data compliance strengthens your business’s ability to create value. Pixie can help you streamline your workflows and put compliance at the heart of your work. Compliance isn’t an afterthought for us, nor should it be for you.