
EU Data protection rules will directly impact professional accountants

The General Data Protection Regulation (GDPR) coming into force in the EU from 25 May 2018 will apply to everyone dealing with personal data, whether stored online or on paper. Professional accountants who currently collect, store and process personal data relating to clients, employees and subcontractors will be directly impacted by these requirements.

Accountancy Europe has released a factsheet on GDPR to explain the changes and provide examples in practice in order to help accountants understand how the legislation will impact their work.

Accountants collect and store information related to the identity of a new client to comply with their Customer Due Diligence requirements under the Anti-Money Laundering Directive. The updates mean that practitioners will have to document more thoroughly and inform the data subject from whom the personal information is collected, in order to adhere to their data rights. Big data analytics carried out by practitioners could be considered a high-risk activity.

The GDPR also introduces rules for when personal data is processed beyond its original purpose, requiring controllers to properly document the decision and describe the factors leading up to it. GDPR introduces obligations and increased penalties for non-compliance, which could exceed €10m. Certain data breaches can result in fines of up to the higher of €20m or 4% of global turnover.

The GDPR replaces the EU Data Protection Directive adopted 21 years ago. GDPR has the dual purpose of taking changes in the personal data landscape into account and providing a more consistent regulatory framework across the EU.

Additionally, a Google-funded paper estimated that the cost for an average SME to implement GDPR could be up to €7200 per year.

The European Union Agency for Network and Information Security (ENISA) published guidelines to help SMEs adopt a risk-based approach to the security of the personal data they process, to assess security risks and to help SMEs understand the context. ENISA also proposed organisational and technical security measures compliant with GDPR.

When the UK (or any other Member State) leaves the EU, it will be considered a ‘third country’, and any data controllers processing data between it and the EU will have to revise their current data processing practices.

Companies in the USA, however, are allowed to transfer data with the EU when they are part of the Privacy Shield. The Privacy Shield framework, designed by the USA Department of Commerce and the European Commission, provides companies with a way to comply with data protection requirements when transferring personal data from the EU to the USA under EU law. Alternatively, they can transfer data using other authorised means for data protection, such as contractual clauses. This EU and USA Privacy Shield is currently being challenged as it allegedly provides insufficient privacy protection.

The Accountancy Europe data protection rules factsheet can be found here.

The ENISA guidelines for SMEs can be found here.
