Welcome to my blog, which has been designed to keep senior accountancy professionals up to date with effective use of IT within accountancy practices. As someone who is passionate about IT, I wanted to use this forum to share best practice, discuss common challenges and highlight ways that technology can be used to deliver real commercial value to accountants such as time and efficiency improvements, as well as addressing key challenges like cyber security and GDPR compliance.
Wednesday, 10 January 2018
GDPR Compliance for Accountancy Practices: Just Where is your Confidential Data?
This may sound like an odd question, as I’m sure many of you will be certain you know just where all your confidential and personal data is held. But do you really? And does it matter?
Accountants hold much personal data, such as tax information and payroll data, which identifies individuals by name or reference number, and as such falls under the scope of the GDPR. In my previous article I talked about 6 key steps to take in preparing your practice for GDPR, the first of which was about understanding your data. This is a fundamental prerequisite: until you understand what data you hold, and where it is stored, it is nigh on impossible to protect it adequately, as the GDPR demands.
And the reality is that, in the globalised world in which we now operate, with increasing demands for remote working, there is a real danger that your precious business data may be scattered across the world. Yes, some of it will certainly be residing (hopefully securely) on your in-house servers. But what about the proliferation of company- and employee-owned portable devices such as laptops, tablets and smartphones which now hold company data and/or emails?
And then there’s data that has been shared with business partners and other third-party organisations. And data that has, for whatever reason, found its way onto USB sticks or file sharing services like Dropbox.
Then there is the cloud. The cloud has revolutionised the way many businesses store their data, but in doing so has also globalised the way data is stored, with many providers distributing data across servers worldwide in order to optimise costs. The cloud takes many forms, from well-known public cloud offerings, through to private cloud environments and individual cloud-based software applications. Understanding which of these your firm is using and where your data is actually being stored as a consequence is paramount, if you are to meet your obligations under GDPR, which include ensuring that you do not store data in or transfer data to countries outside the European Economic Area that do not have equivalently strong data protection standards.
There are also copies of data taken for backup purposes to consider. And do bear in mind that this is not just the scheduled backups of your in-house servers, but can include backups that you may not even be aware of, such as automatic cloud backup software installed on employee-owned devices, which could be copying confidential company data to an unknown provider’s cloud storage, in an unknown location, unbeknown to anyone.
In general terms, the more widespread and less controlled your data is, the more vulnerable you leave your accountancy practice to a security breach. So understanding what data you hold, where it is stored and who has access to it is absolutely critical. This in turn needs to be documented, both so that the Partners/Directors have an understanding of, and control over, their data and to provide documentation for compliance and audit purposes. This not only puts firms back in control of their valuable data, but minimises the risk of a security breach and takes the first step towards preparing for GDPR compliance.
Over coming blogs, I will be exploring in more depth some of the key issues around GDPR compliance for accountancy practices. In the meantime, if you are concerned about your firm’s GDPR compliance position, please do not hesitate to contact me on 0118 920 9600 or email james.stratton@connexion.co.uk, and I will be happy to arrange a no-obligation conference call to discuss how Connexion can help. We are currently working with accountancy practices on a wide range of GDPR readiness solutions, including carrying out GDPR cyber readiness audits, benchmarking current cyber security with an independent vulnerability scan, and implementing technologies and business processes to address vulnerabilities in cyber security defences, data backup strategy and disaster recovery provision.
If you would like to read other articles in our series of informational resources for Partners and Directors at Accountancy practices, please visit our blog at https://accountancyit.blogspot.co.uk/
________________________________________________________________________________
Established in 1994, Connexion Ltd provides IT consultancy, IT services and IT support to mid-size accountancy practices throughout the UK. Our focus is on delivering IT solutions that create real value to our clients' firms. Working closely with our customers’ in-house IT Managers, our structured and managed approach to delivering IT is paramount in ensuring our clients can maximise the business advantages technology can offer them, whilst minimising their risks. For more information about our services for accountancy practices please visit our website http://www.connexion.co.uk/accountancy