A client calls, demanding their data. Are you ready?
A client demands their data. You need to respond. Are you ready?
This is the position accountants must expect to face in the new GDPR world.
But some of you reading this may be feeling under prepared.
What do you need to do? How can you get hold of the right information – and fast? Are there steps to take in advance to prevent it?
Complying with new rules
Under the new Data Protection rules (GDPR), that came in on 25 May, individuals have a right to make a subject data access request.
So, a client rings you and asks: ‘What information do you have about me?’ and you, as the accountant must be ready to pluck that data out of your system and process it. Can you do that?
Crucially, can you do it “without undue delay” – a month at most – as per The Information Commissioner’s guidance?
The ICO says that clients have the right to obtain from you:
– Confirmation you’re processing their personal data and for what purposes
– A copy of their data
– Who you are sharing their data with
– Other supplementary details – largely related to what you should provide in a privacy notice
Extracting data with IRIS
If you’re an IRIS customer, there are many ways you can extract different types of personal data to share with clients. We’ve recently built a guide on doing exactly this. Visit our help centre page HERE to see how.
The IRIS single database contains all client details, so accountants can provide a comprehensive overview of the client including details such as names, addresses, personal tax information, including current pension contributions this year, dividends and business dealings.
Through Data Mining, a feature of Practice Management (requires a licence), you can access a lot of data and it’s very flexible.
IRIS Products get the job done
Our products, OpenSpace, Accountant Go and IRIS Docs, can help you with responding to data requests.
Using IRIS Docs provides a huge advantage, with all client communication already stored in a single location, making it much easier to respond when a request comes. It stores copies of all client communications and details. IRIS Docs empowers you to organise and manage clients’ documents efficiently and effectively, and also to identify what information you hold on them.
You can upload relevant documents to OpenSpace as a matter of course, giving clients access at any time to some of the kind of data they may request. This information comes in Machine Readable Format – another requirement of the new rules. For accountants this saves time, money and hassle. You don’t have to print out the documents to post or send potentially insecure emails. Furthermore, you won’t have to buy an encrypted email service.
Client self-service cuts time
OpenSpace and Accountant Go can help you answer frequent basic questions and data requests without any extra effort and cut time spent on the phone providing such details.
Security is key
Security is such a huge part of data protection and it’s worth remembering that OpenSpace gives you that peace of mind. Accessible anywhere, on a secure EU-based platform, all files are encrypted in transit. It also enables clients to e-sign when they have received the information – providing a full audit trail. With Accountant Go, messages go through a private network while in transit and they are encrypted when they are ‘at rest’.
There are other things you may want to consider regarding client access requests. One is reviewing engagement letters, including identifying all processes and activities performed by your business, to ensure complete transparency from the outset of your client relationship.
Interested in learning more? Talk to one of our team and also check out the ICO’s web resources.