General Data Protection Regulation
The General Data Protection Regulation (GDPR) came into force on 25 May 2018 and has replaced the Data Protection Directive. GDPR is designed to improve data privacy laws across Europe, to protect individuals’ data privacy and change the way organisations approach data processing.
We understand the importance of your personal data. It is very important to us that you have confidence in how we handle your financial and personal information and the steps we take to secure and protect your information (whether it is stored on our internal infrastructure or with our trusted third-party data processors).
IT Security Controls
We continuously review system/procedural security and potential risks to our business. HWB currently holds IASME accredited Cyber Essentials Certification which demonstrates security controls are in place to protect our IT systems and information.
A copy of Cyber Essentials Certification can be downloaded here.
How have we prepared for GDPR?
As an accountant and trusted business adviser, we hold and process personal data on behalf of businesses and individuals, meaning GDPR requirements have been thoroughly reviewed and policies put in place to ensure compliance for us and our clients.
Tasks we have completed in preparation for GDPR are:
Identifying personal data – We have completed a firm-wide information audit to document what personal information we hold, where it came from and who we share it with.
Purpose of holding data – All information held is requested for the purpose of supplying services and therefore we have identified and documented the purposes of processing all personal information held.
Retention periods – The work we complete is under the guidance of ICAEW and heavily regulated. Therefore we have reviewed and documented the retention policy of all personal information in line with legislation, storing data for no longer than is legally required.
Complete due diligence on 3rd party data processors – We use 3rd party data processors to assist in delivering a full service to our clients. We have completed due diligence on all of them and hold evidence of their security measures and GDPR compliance.
Data Subject Rights
GDPR gives individuals the right to access information on request, so we have expanded our policies to ensure we can address any data requests by our clients.
We have prepared a policy to identify what constitutes a data breach that requires reporting and have set up a register to record any breaches should they occur.
We have held training sessions with our staff to inform them of the new policies and procedures we have in place and hold regular update training sessions. This training also forms part of our induction process for anyone who joins the firm.
Why not arrange a FREE consultation and find out what we can do for your business?