GDPR compliance: what accountants need to know

For many years, exchanging important and sensitive documents with clients by email has been the norm. But accountants have had to re-think this standard part of daily work life, as they come to terms with the recent and significant tightening of data protection laws. With the advent of GDPR at the end of May, accountants must find different ways to safeguard important files to ensure clients are protected. They must be even warier of data breaches.

There are some consumer file sharing sites out there that, in theory, could help an accountant looking to solve this problem. However, these are often complex to manage for multiple clients and fail to always comply with UK data protection requirements.

So what features make file sharing tools fit for the post-GDPR world?

1. Security first

Security is the cornerstone of the new regulations and in a post-GDPR world, it is essential for systems to offer rigorous protection for the exchange of sensitive and confidential information with clients – something that cannot be done securely via email. Accountants need to have total confidence in their data with the same levels of encryption and authentication expected as from online banking.

2. Speed and flexibility

Systems that allow e-signatures and e-approval are crucial to the working practices of accountants in 2018. Not only do these features provide a full audit trail meaning that accountants can obtain client approvals quickly, legally and in a GDPR compliant fashion, they also save time, money and hassle, eradicating the need to print and post paperwork or send potentially insecure emails. Plus, it prevents the need to buy an encrypted email service.

3. Ability to comply with data requests

Another aspect of GDPR is that clients have the right to make a subject data access request. A client may ring you and ask: “What information do you have about me?”. You, as the accountant must be ready to pluck that data out of your system and process it. Can you do that? Crucially, can you do it “without undue delay” – a month at most – as per The Information Commissioner’s guidance?

Software can support you in doing this, giving you the ability to upload documents that can be seen at any time by clients, in the format required by GDPR.

Next steps

GDPR has significantly altered the way accountants work, but there is no reason to fear the regulation, as software is available to help you comply with all the requirements under the legislation.

Take the IRIS OpenSpace, for example. Allowing clients to access secure files on the move, the system is fully secure, with the platform based on Microsoft Azure with EU-based servers, therefore meeting the new GDPR compliance requirements. What’s more, all files are encrypted in transit.

With e-signature and e-approval features, clients can give their approval quickly and securely. The software also has two factor authentication, meaning that when users log in, OpenSpace sends an email with a code they must complete to confirm their identity. Even if someone knows their password they can’t log in without this code. It’s also easily set up via the account menu.

To bump up security even more, all passwords are encrypted using a salting and hashing algorithm, which means nobody can see the password, not even IRIS. Users also get safety tools such as a password strength indicator, to help to ensure that theirs is strong and won’t be breached. Documents are encrypted as they are being uploaded using SSL and AES technologies – which means information is safe and protected while in transit.

Overcoming challenges

Accountants often deal with clients who are reluctant to switch away from emails, even after hearing the new GDPR rules explained.

It’s human nature to dislike change and some people can be hard to persuade. Yet, there are many reasons, particularly around security, that accountants can give clients to show them why software such as OpenSpace is the right alternative.

GDPR is a game-changing piece of legislation, and with it comes the responsibility to protect data, ensuring that your systems and processes are watertight and up-to-date. It therefore presents an opportunity for accountancy practices to establish themselves as trusted business advisers, capable of not only gathering and analysing client information, but also protecting business data, whatever the sensitivity, using software that offers security, speed and flexibility.

Find out more about the IRIS OpenSpace and discover how software can help you comply with GDPR.