By 25 May 2018, the General Data Protection Regulation (GDPR) will be reality and will apply across the UK.
GDPR will affect the way all EU businesses handle individuals’ data and, as accountants hold personal data, you need to make sure your firm is up-to-speed. How does that make you feel? Is your glass half full or half empty? According to our own survey of more than 650 accountants we found that over three-quarters (76%) are concerned about GDPR, and almost a quarter (24%) are not concerned.
Yes, GDPR means more compliance to contend with but it’s worth bearing in mind that much of the new legislation is a replication and updating of the nearly 20-year-old Data Protection Act (DPA). As a result, many of you will already have processes in place to handle GDPR and are now at the stage where you could start talking to clients about GDPR – going that extra step to demonstrate real value to your clients.
I’ll go on to explain some positive aspects of GDPR, which should allay some concerns that you and the majority of your peers have. Today, GDPR might seem like mission impossible but read on to get some timely tips to help you tackle the GDPR challenge and unmask the hidden benefits to GDPR.
Client communication about GDPR
When asked if they had spoken to clients about GDPR yet, 83% said they have not, but plan to. Surprisingly, just 13% have already discussed it, and 4% said they have no plans to talk to clients about GDPR.
The general consensus amongst accountants that have yet to talk to their clients about GDPR is that more information is needed, in particular, information that is specific to the accounting profession.
However, whilst some specific guidance is still absent and aspects of the new legislation are still in draft, this should not hold you back from talking to clients. The reality is if you are not talking to your clients about GDPR, someone else will be, and with GDPR becoming such a mainstream and highly publicised issue, your clients and prospects will be actively seeking out information for themselves – do your best to be the trusted advisor they turn to.
Since we surveyed the accountancy industry, the Information Commissioner’s Office (ICO) has launched a new data protection service aimed at small organisations preparing for GDPR, including a telephone advice line that you, as an SME, can also access. As a result, there is more accessible and SME-appropriate information available so now is most definitely the time to start that GDPR dialogue with your clients.
Our survey also revealed that 48% of UK accountants have discussed GDPR internally, 43% have not yet had these conversations but plan to, and 9% have no plans to discuss it internally.
It is time to talk, to communicate both internally and externally.
The five hidden benefits to GDPR
So here are five positive aspects of GDPR to inspire you to view the changes in a different light.
With so few accountants seemingly talking to clients about GDPR, there is a great opportunity here for you to speak to your clients and position yourself and your practice in a more advisory light. Increasingly, SMEs are looking to their accountants to add extra value services and support to their businesses and will expect advice and guidance regarding GDPR. It’s also worth remembering that clients also have to comply with the new regulations and won’t necessarily receive help from their industry bodies. This provides your firm with the opportunity to offer more of that invaluable advice.
Accountants are in a very trusted position with the gathering, processing and exchanging of personal data part and parcel of everyday business life. Reputation and trust are your business critical assets that need to be protected.
Here are a few best practices to show your clients that their data is in safe hands: update your website with GDPR information, check and improve your privacy statements with regard to GDPR and the steps you are taking, and show that you are transparent, trustworthy and compliant. Build client confidence in your firm and ensure clients know how well you treat their data. Use your updated GDPR material in your marketing; use it in your terms of engagement.
3. Data cleansing
GDPR provides a timely and much-needed opportunity to get to grips with your data and give it a spring clean. Rather than putting it off yet again, run a data inventory and get a handle on what confidential data you hold and where it is held. Ask yourself: do you need it? Only keep what you need. Choose data minimisation as your mantra.
Education and training don’t just apply to your clients; up-skill yourself and your staff. When you consider that human error is the main cause of data breaches, according to the ICO, it makes sense to ensure that staff are fully aware of best practices in data security, as prevention is better than cure. They will also need to understand the requirements and, for example, what they need to do in the event of a data breach.
The ICO website is a great educational resource and will also help dispel some of the unhelpful GDPR myths still being peddled around.
Last, but by no means least, GDPR presents an opportunity. The opportunity to improve your own processes and procedures – look to improve data encryption and security and trial client portals, for example. Understand where and how data is used and who has access to this data, take action to restrict data access and minimise data where appropriate. Talk to your technology suppliers and other professional advisors such as your legal counsel. Look to go beyond compliance to provide yourself and your clients with some truly valuable GDPR support.
There is a lot of scaremongering and fear about GDPR, which is why it’s so important to take ownership of it now. From a reputation standpoint, there’s real competitive advantage to be had by being open, transparent and showing your clients that you are taking GDPR seriously and taking action now.
Not only can this help cement your position as a trusted advisor, but once you start considering data protection in everything you do, you will be able to confidently extol the virtues of your firm. Be proud of the lengths you go to in protecting your clients – it’s part of your job.
Ian Cooper, Product Manager at Thomson Reuters.