Ruth McFarland, ACA, Finance and Operations Manager, Synapse, writes about how to protect financial data on the move
The Data Protection Bill becomes UK law on the 25th May 2018 and it will have far-reaching consequences, with the potential for significant fines for violation of the new rules. While many key principles and concepts remain the same, there are several new prescriptive requirements, and those found to be non-compliant could face fines of up to €20m or 4% of global annual turnover, whichever is greater.
Privacy is undoubtedly at the forefront of GDPR, in part because of the sharp rise in data breaches over the last five years, and it is hoped that by replacing out-of-date legislation, digital trust can be deepened.
GDPR affects all parts of an organisation, but for the purpose of this article we will focus on the ramifications for Group FDs and those involved in the financial reporting process in Group Companies. It is not unusual for hundreds of Excel spreadsheets to be distributed to local finance teams each month for planning and performance tracking, and this highly confidential information is frequently shared by email as a simple file attachment. Under the new rules, any organisation sharing confidential data in this way puts itself at risk of a data breach, which is defined as ‘an incident leading to destruction, loss, alteration, unauthorised disclosure of, or access to personal data’. This includes the scenario in which data is sent to the wrong recipient.
The biggest risks are the loss of information and misuse of information. To reduce this risk, ask yourself:
- How might information get lost? Look at all the places that this might happen and close the gap or put in place a procedure to test the gap at regular intervals.
- Are you encrypting all financial information?
- Is there a process in place to protect data when in transit? A moving target is more difficult to protect than static data!
- What information could be misused?
- Who might misuse the information? Misuse is something that could happen inside your office, so take a look at the different roles your team fulfils and what information they might come across.
We know that Microsoft Excel is the traditional tool of choice for presenting and analysing data and calculations and there are now over 750 million users worldwide. However, GDPR puts the onus on organisations to protect their data and this is more difficult when the data is on the move. Those using older versions of Excel are more likely to be at risk as multiple users are not able to work together on the same spreadsheet and email is likely to be used to share the latest version.
GDPR puts the onus on organisations to protect the data they share across the team as they collect it and to safeguard it when sharing with management, shareholders and other stakeholders. Appropriate security measures can be put in place with the help of an encryption tool that encrypts all data held in spreadsheets and also with the help of new Cloud technologies that effectively re-engineer spreadsheets and make them suited to the new world of GDPR.
By employing a radically different approach to an age-old problem, finance teams can integrate their existing spreadsheets and other disparate data sources (such as MS Access and core ERP) into a single solution with none of the large-scale data migration issues and with minimal disruption. Everyone works right inside Excel, everyone enjoys direct benefit, and everyone retains Excel’s legendary flexibility but with the added bonus of being able to protect all sensitive financial data in line with GDPR. All users have to log into the system before they can see what data is being held and this provides the necessary layer of protection to prevent a data breach and sensitive financial information falling into the wrong hands.
As any member of the team changes any cell of data in their local spreadsheet, a record is written to a secure audit database showing a time-stamped trail of all changes by all users, no matter where they are. This is crucial in relation to GDPR because, if data is lost or misused, a trail will be needed for the Information Commissioner’s Office.
This becomes a completely robust process that will deliver reliable numbers. Spreadsheet data is synchronised with each member of the finance team, ensuring that their work is shared accurately with every other team member. Data quality is guaranteed because all of your spreadsheet business rules and formulae are preserved in the cloud database and then executed in such a way as to ensure data integrity.
Data protection is not only important from a compliance and business value protection point of view, it is also key to fostering the digital economy and gaining a competitive edge. The use of smart technology to deliver next generation Enterprise spreadsheets has the potential to aid GDPR compliance and ensure that the data door is not left wide open.
Please get in touch if you would like to find out more about how we can help Group Finance teams protect their financial data.
Synapse Information develops Cloud CFO, a complete solution for Group Company Consolidated Primary Financial Statements, Forecasting and Statutory Accounts.