EU Data protection rules will directly impact professional accountants

The General Data Protection Regulation (GDPR) coming into force in the EU from 25 May 2018 will apply to everyone dealing with personal data, whether stored online or on paper. Professional accountants who currently collect, store and process personal data relating to clients, employees and subcontractors will be directly impacted by these requirements.

Accountancy Europe has released a factsheet on GDPR that explains the changes and provides practical examples to help accountants understand how the legislation will impact their work.

Accountants collect and store information related to the identity of a new client to comply with their Customer Due Diligence requirements under the Anti-Money Laundering Directive. The updates mean that practitioners will have to document this more thoroughly and inform the data subject from whom the personal information is collected, in order to respect that person's data rights. Big data analytics carried out by practitioners could be considered a high-risk activity.

The GDPR also introduces rules for when personal data is processed beyond its original purpose, requiring controllers to properly document the decision and describe the factors leading up to it. GDPR introduces obligations and increased penalties for non-compliance, which could exceed €10m. Certain data breaches can result in fines of up to the higher of €20m or 4% of global turnover.

The GDPR replaces the EU Data Protection Directive adopted 21 years ago. GDPR has the dual purpose of taking changes in the personal data landscape into account and providing a more consistent regulatory framework across the EU.

Additionally, a Google-funded paper estimated that the cost for an average SME to implement GDPR could be up to €7200 per year.

The European Union Agency for Network and Information Security (ENISA) published guidelines to help SMEs adopt a risk-based approach to the security of the personal data they process, to assess security risks and to help SMEs understand the context. ENISA also proposed organisational and technical security measures compliant with GDPR.

When the UK (or another Member State) leaves the EU, it will be considered a ‘third country’, and any data controllers processing data between them will have to revise their current data processing practices.

The USA, however, is allowed to transfer data with the EU when the companies are part of the Privacy Shield. The Privacy Shield framework, designed by the USA Department of Commerce and the European Commission, provides companies with a way to comply with data protection requirements when transferring personal data from the EU to the USA under EU law. Alternatively, they can transfer data using other authorised means for data protection, such as contractual clauses. This EU and USA Privacy Shield is currently being challenged as it allegedly provides insufficient privacy protection.

The Accountancy Europe data protection rules factsheet can be found here.

The ENISA guidelines for SMEs can be found here.
