
EU Data protection rules will directly impact professional accountants

The General Data Protection Regulation (GDPR), coming into force in the EU from 25 May 2018, will apply to everyone dealing with personal data, whether stored online or on paper. Professional accountants who currently collect, store and process personal data relating to clients, employees and subcontractors will be directly impacted by these requirements.

Accountancy Europe has released a factsheet on GDPR to explain the changes and provide examples in practice in order to help accountants understand how the legislation will impact their work.

Accountants collect and store information related to the identity of a new client to comply with their Customer Due Diligence requirements under the Anti-Money Laundering Directive. The updates mean that practitioners will have to document this more thoroughly and inform the data subject from whom the personal information is collected, in order to adhere to their data rights. Practitioners involved in big data analytics could be considered to be carrying out a high-risk activity.

The GDPR also introduces rules for when personal data is processed beyond its original purpose, requiring controllers to properly document the decision and describe the factors leading up to it. GDPR introduces obligations and increased penalties for non-compliance, which could exceed €10m. Certain data breaches can result in fines of up to €20m or 4% of global turnover, whichever is higher.

The GDPR replaces the EU Data Protection Directive adopted 21 years ago. GDPR has the dual purpose of taking changes in the personal data landscape into account and providing a more consistent regulatory framework across the EU.

Additionally, a Google-funded paper estimated that the cost for an average SME to implement GDPR could be up to €7200 per year.

The European Union Agency for Network and Information Security (ENISA) published guidelines to help SMEs adopt a risk-based approach to the security of the personal data they process, to assess security risks and to help SMEs understand the context. ENISA also proposed organisational and technical security measures compliant with GDPR.

When the UK (or any other Member State) leaves the EU, it will be considered a ‘third country’, and any data controllers processing data between them will have to revise their current data processing practices.

The USA, however, is allowed to transfer data with the EU when the companies involved are part of the Privacy Shield. The Privacy Shield framework, designed by the USA Department of Commerce and the European Commission, provides companies with a way to comply with data protection requirements when transferring personal data from the EU to the USA under EU law. Alternatively, they can transfer data using other authorised means of data protection, such as contractual clauses. The EU and USA Privacy Shield is currently being challenged as it allegedly provides insufficient privacy protection.

The Accountancy Europe data protection rules factsheet can be found here.

The ENISA guidelines for SMEs can be found here.
