An update for our accounting students: from 25th May 2018, every EU country, and each company processing personal data for data subjects living within the EU, will be required to adhere to a new set of data protection rules called the GDPR.
The General Data Protection Regulation (GDPR) will apply to all accounting professionals who deal with personal data, whether that be collecting, storing or processing it. Today we look at some of the main changes our accounting students should be aware of.
Data breach notifications become mandatory
Under the GDPR, data subjects must be informed of a data breach if the breach is likely to “result in a risk for rights and freedoms of individuals”. This must be done within 72 hours of the breach.
Right to Access
Data subjects will have the right to obtain confirmation of whether their personal data is being processed, and to find out for what purpose their information is being used. Data subjects will also have the right to a free copy of their personal data, in electronic form.
Right to Be Forgotten
Data erasure, or the right to be forgotten, allows data subjects to request that their data be erased, and that further sharing of the data between third parties be stopped. The conditions for erasure are: withdrawal of consent, or data subjects deeming their data as ‘no longer relevant to the original purposes of processing’.
Privacy by Design
This regulation obligates data controllers to hold only the data necessary for completion of their task. Data protection is built into the system design from the very beginning. Access to personal data will be limited to those who explicitly require the information for processing.
What does this mean for Accountancy post-Brexit?
If you are processing data about individuals in relation to the selling of goods or services to people within the EU, you will need to comply with the GDPR. If you are processing data about individuals living in the UK, the situation is much less clear. The UK may well keep the regulations as they provide improved protection for citizens. The UK government appears to be planning the implementation of an ‘equivalent or alternative legal mechanism’. Also worth noting is the ICO and UK Government’s support for the GDPR since its initiation. It appears UK-based accountancy firms should begin preparing for a future where compliance with the GDPR is mandatory.