With GDPR legislation coming into effect today, IRIS Accountancy Solutions has found accountancy practices have taken substantial steps to become GDPR-ready but still have concerns over individuals’ rights.
The UK’s leading accountancy software provider solicited opinion from its customers in September 2017 and May 2018, and found practices have taken positive steps to apply the principles of personal data protection, implement procedures and allocate a data lead.
However, concerns on the individual rights to know the information held, access personal data and the right to be forgotten, remain as key challenges.
Sion Lewis, CEO of IRIS Accountancy Solutions says, “Preparation has accelerated across the industry and, looking at other UK sectors, I’m delighted to see we have made significant progress. There are still concerns but I believe by continuing to share and learn from each other we can respond effectively to requests.”
The results from IRIS’ survey reveal the industry is very aware of GDPR, with an increase to 99% in May 2018, compared to 80% previously. This is higher than other reports have found – one claiming that 84.3% of organisations in the UK are very or somewhat aware of GDPR.
Other key findings include:
- Nearly three quarters (69%) of accountancy practices feel their employees can apply principles of personal data protection, up from two fifths (40%) in September 2017
- Two thirds (66%) can demonstrate they have the necessary basis to hold client data, an increase from 42%
- Over half (53%) of IRIS accountancy practices have procedures in place to detect data and report a data breach,a 28% rise from the previous survey
- Four fifths (80%) of respondents now have a data protection lead,a rise from 60%
The survey also finds the industry is generally more prepared than other UK businesses. In February 2018, FSB research found a third (33%) of small business had not started preparing for the introduction of GDPR and a further third (35%) were only in the early stages of preparation. This highlights the breadth of support businesses need, and as a trusted advisor to their clients, accountants are well-placed to advise them in many aspects of their business, including GDPR.
IRIS has undertaken many initiatives to support and help practices become GDPR-ready, including its GDPR conferences across the UK, webinars and in-house training sessions, as well as wider education efforts.
IRIS has also added significant GDPR enhancements in its April and May accountancy suite updates to assist accountants in their compliance efforts. These have focused on the most challenging areas including:
- Bulk client delete capability which addresses the clients right to be forgotten
- Improved reporting for client rights to accessibility and portability of their data
- Client creation to deletion audit trail
- Enhanced security (file encryption, password policy, reset and obfuscation)
“GDPR compliance is a journey not a destination,” concludes Sion Lewis. “Although GDPR is effective from today, it should not be viewed as a one-off activity. Protecting personal data is central to every client relationship and needs to be frequently monitored. By continuing training and process checks, practices not only ensure they are compliant but also build client loyalty and trust.”
Further guidance and information can be found on the IRIS GDPR Hub.