Get 2 Documentation Toolkits for the price of 1
Limited-time offer – ends March 28, 2024

Expert Advice Community

Guest

GDPR compliance for accountancy business

  Quote
Guest
Guest user Created:   Nov 20, 2017 Last commented:   Nov 20, 2017

GDPR compliance for accountancy business

I run an accountancy business it’s a limited company and I am the only employee and have no intention employing anyone else. I have 150 clients a blend of sole traders and limited companies and want to know what I have to do - in simple terms to ensure I am compliant with the new legislation?
0 0

Assign topic to the user

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Dejan Kosutic Nov 20, 2017

Answer:

Based on the description provided the accounting company only acts as processor on behalf of sole traders and other limited companies.

If we are considering sole traders which are in fact natural persons (data subjects) the EU GDPR would be applicable and the documents found in the EU GDPR Documentation Toolkit https://advisera.com/eugdpracademy/eu-gdpr-documentation-toolkit/ would be useful. For example, data breaches should be notified, according to their severity, to the Supervisory Authority and to the data subjects themselves (the sole traders).

As for the limited companies the situation might differ depending on the type of activities provided by the accounting company. If we are talking about general ledger type activities, s uch as tax calculations, filing tax reports which do not involve personal data the EU GDPR is not applicable. However, if other accounting activities such as payroll for the limited companies employees or calculating tax deductions for employees, are delivered, this would mean that the EU GDPR would be applicable.

As a general remark, due to the fact that the accounting company has only one employee, there may not necessarily be a need to have procedures or complex processes set up in place. For example EU GDPR article 30 requirements (Records of processing activities) are not compulsory for companies under 250 employees which includes accounting companies (although it would be helpful to have it) and the Data Protection Impact Assessments will most likely not be necessary.

Nevertheless the only employee of the accounting company should be informed about the main GDPR provisions - especially the ones referring to personal data breaches and the use of sub-processors (if the accounting company outsources part of its activities to third parties). All relevant information can be found within the EU GDPR implementation toolkit.

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Nov 20, 2017

Nov 20, 2017

Suggested Topics