Written by FCSA Business Partner, FreeAgent.
With the General Data Protection Regulation (GDPR) coming into effect next month, is your practice ready to be compliant? Richard Grey, Head of Information Security at award-winning accounting software provider, FreeAgent, explains how the company is getting ready for GDPR.
While there’s a lot of helpful information out there about the General Data Protection Regulation (GDPR), at FreeAgent we’ve found that sharing knowledge has been the most valuable tool in preparing for the new legislation.
The Information Commissioner’s Office (ICO) is a great place to get started, but if you are already on your way to compliance, read on for some of the key learnings we uncovered on our journey, along with some top tips you may find helpful in your own practice.
Please note that the following tips are based on FreeAgent’s own interpretation of GDPR, which may or may not be applicable to your own business. This article should not be interpreted as legal advice.
Auditing your current processes will give you a clear foundation to build upon, so take stock of your current situation and clarify your position under GDPR. This includes determining if and when your business is classed as a data processor or controller and deciding whether you need to appoint a Data Protection Officer.
You should now be able to identify any potential danger points, both physical and digital. For example, you may find there are opportunities for sensitive information to leave the premises, or for unencrypted data sent via email to be intercepted.
Some areas may not present an immediate compliance hazard but could pose a longer-term risk to your business. For example, using physical files to store data may give you a lot of manual work to do should someone wish to view a copy of their data.
If you use third-party systems, you should make sure they are GDPR compliant, and find out whether they can help you meet your own compliance obligations. For example, FreeAgent makes it easy for you to respond to the rights of individuals whose data you process through updates to the application.
Having completed your audit and identified risks, you should be in a good position to make a plan of action. Every business will be different, but some common areas are:
Clarity and transparency are fundamental to GDPR. Make sure your whole team understands your obligations as a business and their contributions as individuals – this may require some internal education.
Helping your clients understand how you can support them with GDPR can also enhance your position as a trusted advisor.
You’ve done a lot of work to stay compliant – make sure you don’t lose track of it! Recording your progress is valuable evidence should the ICO pay a visit. Regular training, auditing and purges of data, along with continually updating documentation, are the best way to ensure your business is in the strongest position for GDPR.
FreeAgent provides award-winning online accounting software for small business owners and their accountants. Get in touch to find out how FreeAgent can support you and your clients.