An update for our accounting students: from 25th May 2018, every EU country, and each company processing personal data for data subjects living within the EU, will be required to adhere to a new set of data protection rules called the GDPR.
The General Data Protection Regulation (GDPR) will apply to all accounting professionals who deal with personal data, whether that be collecting, storing or processing it. Today we look at some of the main changes of which our accounting students should be aware.
Data breach notifications become mandatory
Under the GDPR, data subjects must be informed of a data breach if the breach is likely to “result in a risk for rights and freedoms of individuals”. Notifications must be sent within 72 hours of the breach.
Right to Access
Data subjects will have the right to obtain confirmation of whether their data is being processed, and to find out for what purpose their information is being used. Data subjects will have the right to a free copy of their data in electronic form.
Right to Be Forgotten
Data erasure, or the right to be forgotten, allows data subjects to request that their data be erased, as well as stopping further sharing of the data between third parties. The conditions for erasure are the withdrawal of consent or data subjects deeming their data ‘no longer relevant to the original purposes of processing’.
Privacy by Design
This regulation obligates data controllers to hold only the data necessary for completion of their task. Data protection is built into the system design from the very beginning. Access to personal data will be limited to those who explicitly require the information for processing.
What does this mean for Accountancy post-Brexit?
If you are processing data about individuals in relation to the selling of goods or services to people within the EU, you must comply with GDPR. If you are processing data about individuals living in the UK, the situation is much less clear. The UK may well keep the regulations as they provide improved protection for citizens. The UK government appears to be planning the implementation of an ‘equivalent or alternative legal mechanism’. Also worth noting is the ICO and UK Government’s support for the GDPR since its initiation. It appears UK-based accountancy firms should begin preparing for a future where compliance with the GDPR is mandatory.