
EU Data protection rules will directly impact professional accountants

The General Data Protection Regulation (GDPR), coming into force in the EU from 25 May 2018, will apply to everyone dealing with personal data, whether stored online or on paper. Professional accountants who currently collect, store and process personal data in relation to clients, employees and subcontractors will be directly impacted by these requirements.

Accountancy Europe has released a factsheet on GDPR to explain the changes and provide examples in practice in order to help accountants understand how the legislation will impact their work.

Accountants collect and store information related to the identity of a new client to comply with their Customer Due Diligence requirements under the Anti-Money Laundering Directive. The updates mean that practitioners will have to document more thoroughly and inform the data subject from whom the personal information is collected, in order to adhere to the subject's data rights. Big data analytics carried out by practitioners could be considered a high-risk activity.

The GDPR also introduces rules for when personal data is processed beyond its original purpose, requiring controllers to properly document the decision and describe the factors leading up to it. GDPR introduces obligations and increased penalties for non-compliance which could exceed €10m. Certain data breaches can result in fines of up to the higher of €20m or 4% of global turnover.

The GDPR replaces the EU Data Protection Directive adopted 21 years ago. GDPR has the dual purpose of taking changes in the personal data landscape into account and providing a more consistent regulatory framework across the EU.

Additionally, a Google-funded paper estimated that the cost for an average SME to implement GDPR could be up to €7200 per year.

The European Union Agency for Network and Information Security (ENISA) published guidelines to help SMEs adopt a risk-based approach to the security of the personal data they process, to assess security risks and to help SMEs understand the context. ENISA also proposed organisational and technical security measures compliant with GDPR.

When the UK (or another Member State) leaves the EU, it will be considered a ‘third country’, and any data controllers processing data between it and the EU will have to revise their current data processing practices.

The USA, however, is allowed to exchange data with the EU when the companies involved are part of the Privacy Shield. The Privacy Shield framework, designed by the USA Department of Commerce and the European Commission, provides companies with a way to comply with data protection requirements when transferring personal data from the EU to the USA under EU law. Alternatively, they can transfer data using other authorised means for data protection, such as contractual clauses. The EU and USA Privacy Shield is currently being challenged as it allegedly provides insufficient privacy protection.

The Accountancy Europe data protection rules factsheet can be found here.

The ENISA guidelines for SMEs can be found here.
