GDPR for Accountants: Deepen Trust with IT Suppliers
You’ve almost certainly heard about the General Data Protection Regulation (GDPR) by now – a major update to the EU rules pertaining to the protection of personal data.
This blog post is not about how to get started with GDPR, or where you can find help in preparing for this change in legislation as an accountancy firm. For that, you can check the terrific GDPR centre created by Xero, or take a look at our other GDPR blog post.
Instead, in this post, we want to share with you a deeper view on what GDPR will mean for our relationships with our major clients.
Under the approaching GDPR, we must be seen to act as a responsible data processor of our clients’ data. And over the last few months, we’ve had clients contact us to ask for a data processor agreement.
We want you to know that we have this in hand, and we’ve explained how we prepared for this upcoming change. However, for ApprovalMax, it’s far more important than simply having a data processor agreement; it’s about gaining the trust of our clients and ensuring transparency throughout our working relationships. And, of course, GDPR brings this into sharp focus.
So, let’s start the story from the very beginning.
Implications of GDPR for Accountancy Firms
For most businesses, accountants are not just the people who look after the numbers. They also provide guidance, advice, and risk protection. And due to the nature of the job, they typically handle a massive amount of personal data.
With the introduction of GDPR, accountants will need to, at a minimum:
- Review existing procedures and documents related to the processing of personal data;
- Record the exact method and details of customer data capture;
- And check if their (IT) suppliers are GDPR compliant.
Now, let’s take another look at the third point: “Check if their IT suppliers are GDPR compliant”.
From the 25th of May 2018, all cloud accounting and digital systems dealing with personal data must be GDPR compliant.
Just imagine how much time could be spent checking for compliance!
The Solution: Work Only with GDPR-friendly Providers
Since the data controller (the accountancy firm in this instance) is ultimately held responsible if GDPR is breached, it would be wise to review all business partnerships.
Ask yourself: Are your third-party data processors GDPR-compliant? You’ll need to identify any compliance risks for personal data. We know that’s a big challenge. According to an ICO report, at the end of 2017 around 75% of cloud service providers were not yet in compliance with the GDPR.
At ApprovalMax we understand that our product and services may form part of the controls and processes that businesses need to put in place to meet some of their GDPR obligations. We are completely GDPR-compliant, including business processes, partnerships, and our product.
To put a different spin on GDPR, we here at ApprovalMax do not view the regulation as a burden; on the contrary, we see it as an opportunity for organisations to deepen trust with their clients.
We want to show that our solution is one that an accountancy firm can trust. Please have a look at our vision in this handy guide.
Trust as a Business Benefit
Privacy has come to the forefront of GDPR, in large part thanks to the rise in data breaches over the last few years. Ardi Kolah of Henley Business School, University of Reading, perfectly summed it up as an opportunity – not a threat – when he said:
“GDPR… is not just to safeguard rights and freedoms, but also to deepen digital trust and enable companies to do more with people’s personal data – whether they are customers, clients, employees, or supporters of charities.”
Meanwhile, 88% of people surveyed for an ICO report claimed transparency was key to increasing trust in how their data was being collected.
At the end of the day, our aim is to do our best to protect our clients’ information. Working with us means working with a company which has a strong commitment to accountability in managing and processing personal data. Not just because it’s the law, but because it’s part of good business practice and culture.
GDPR gives us all greater power to re-establish trust as a core business benefit. We want you to see ApprovalMax not only as a trusted business partner, but as a trusted business benefit that you as an accountant can provide for your clients.
If you have any questions surrounding ApprovalMax and GDPR, please click here.