
GDPR in Accountancy – 7 Top Tips for Compliance (Part 2)



In my previous blog, I shared the first 3 of my 7 top tips for GDPR compliance for accountancy practices.

With Digital Minister Matt Hancock having now formally announced the new Data Protection Bill, which will enshrine the GDPR into UK law and prepare the UK, from a data protection perspective, for life after Brexit, I thought it would be useful today to share a further 4 tips on preparing your accountancy practice for GDPR:

1. Put together a new or updated data protection policy and train employees on it.

This is important as everyone in your organisation needs to understand their obligations under GDPR and how to make themselves fully compliant. It only takes one employee who does not fully understand their obligations to allow something like a data breach to occur, which has the potential to result in crippling fines and reputational damage to the firm under GDPR. One area where I often get asked for advice is around BYOD (Bring Your Own Device) policies, where there is the potential for employees to be storing copies of the practice’s data or emails on their own laptops or smartphones. Such devices may not adhere to the firm’s security policies and, as such, policies around protecting data in this instance need especially careful handling. Please feel free to contact me if you need advice on this subject.

2. Put in place processes for ongoing education for all members of staff around cyber security and data protection.

Because the cyber security landscape is constantly changing, it is very important that employees are constantly kept up-to-date with best practice around security and data protection. To help with this, we have put together a free staff training document, “Best Security Practices for Staying Safe Online”; to request a copy, please email me at at@xc360.co.uk.

3. Review Your Backup and Disaster Recovery procedures. 

GDPR imposes an obligation to look after the personal data which is entrusted to your practice. This includes backing it up so that in the event of an IT problem, data corruption, a natural disaster or a cyber attack, you have backups from which you can accurately restore that data in a timely fashion. As a minimum, I would suggest that you should be backing up your data daily, but in reality most practices are now looking at much more frequent backups – in some cases as often as every 15 minutes, or via real-time replication.

You can read more about good practice around data backups and recovery procedures in my blog “Preparing Your Accountancy Practice for GDPR: Data Backup and Recovery”.

4. Create a breach notification plan.

This is important because if the worst should happen, and you do experience a data breach under GDPR, you need to have a clear plan to deal with it and communicate it as smoothly and accurately as possible, and with the least possible damage to your practice.

If you are concerned about your practice’s GDPR compliance position, please do not hesitate to contact me, or my colleague Andrew Banning, on 0208 732 5656 or email us on at@xc360.co.uk or ab@xc360.co.uk, and we will be happy to arrange a no-obligation conference call or meeting.

_________________________________________________________________________________

Xara Computers’ flagship product, the XC360 for Accountancy private cloud platform, provides accountancy practices with a fully managed, highly secure, UK-based remote desktop running all their own practice’s software. This allows fee earners to work and collaborate in real time, from any location, using any computer, laptop or tablet, safe in the knowledge that their confidential client data is centralized and secure. For more information please visit our website https://www.xc360.co.uk/accountancy/
