hwb clocktower

General Data Protection Regulation

The General Data Protection Regulation (GDPR) came into force on 25 May 2018 and has replaced the Data Protection Directive. GDPR is designed to improve data privacy laws across Europe, to protect individuals’ data privacy and change the way organisations approach data processing.

We understand the importance of your personal data. It is very important to us that you have confidence in how we handle your financial and personal information and the steps we take to secure and protect your information (whether it is stored on our internal infrastructure or with our trusted third-party data processers).

IT Security Controls

We continuously review system/procedural security and potential risks to our business. HWB currently holds CREST accredited Cyber Essentials Certification which demonstrates security controls are in place to protect our IT systems and information.

A copy of Cyber Essentials Certification can be downloaded here.

How have we prepared for GDPR?

As an accountant and trusted business adviser, we hold and process personal data on behalf of businesses and individuals, meaning GDPR requirements have been thoroughly reviewed and policies put in place to ensure compliance for us and our clients.

Tasks we have completed in preparation for GDPR are:

Identifying personal data – We have completed a firm-wide information audit to document what personal information we hold, where it came from and who we share it with.

Purpose of holding data – All information held is requested for the purpose of supplying services and therefore we have identified and documented the purposes of processing all personal information held.

Retention periods – The work we complete is under the guidance of ICAEW and heavily regulated. Therefore we have reviewed and documented the retention policy of all personal information in line with legislation, storing data for no longer than is legally required.

Complete due diligence on 3rd party data processers – We use 3rd party data processers to assist in delivering a full service to our clients. We have completed due diligence on all of them and hold evidence of their security measures and GDPR compliance.

Data Subject Rights

GDPR gives individuals the right to access information on request so we have expanded our policies to ensure we can address any data requests by our clients.

Data Breaches

We have prepared a policy to identify what constitutes a data breach that requires reporting and have set up a register to record any breaches should they occur.

Training

We have held training sessions with our staff to inform them of the new policies and procedures we have in place and hold regular update training sessions. It also forms part of our induction process for anyone who joins the firm.

What should you and your business be doing under GDPR?

We would recommend taking advice now to ensure you are compliant under this new legislation.

If you have any queries on HWB’s compliance or how you can prepare for GDPR, please contact Richard Bacon on 023 8046 1255.

Download our Free App

Stay in touch with your finances by downloading our free app Our easy-to-use app is available to download for free from the Apple and Google Play app stores. It’s full of useful information which is accessible from anywhere at any time.

Let’s Talk

Why not arrange a FREE consultation and find out what we can do for your business.