With the General Data Protection Regulation (GDPR) set to go into effect in late May, any firm or their clients that offer goods or services to individuals in the EU must be able to prove their processes for collecting, using, storing and sharing any personal data are fully compliant.
More importantly, this applies to U.S.-based accounting firms: those that work directly with EU clients need to comply with GDPR or face penalties.
Alarmingly, a recent survey by Sage found 84 percent of U.S. companies don’t understand what GDPR’s rollout means for their business specifically, and 91 percent lack a general understanding of the regulation details. In addition, 74 percent of U.S. businesses surveyed are not confident that, or don’t know whether, their companies will be ready for GDPR requirements before the EU’s deadline.
The survey results are concerning, to say the least, given that businesses can face fines up to 20 million euros (approximately $24 million) or four percent of annual global turnover (whichever amount ends up being higher).
How to Prepare for GDPR
Accountants oversee incredible amounts of important business and personal data — relating to their own practices and the finances of their clients. With the May 25 deadline fast approaching, here are five actions accounting firms need to take in order to prepare for the EU’s sweeping regulations:
1. Outline the difference between Data Controllers and Data Processors
The GDPR defines two clear roles concerning the handling of data: data processors and data controllers. Consequently, accountants must consider what this means for the roles within their firms — who qualifies as a data processor and who qualifies as a data controller.
About Adam Prince
Adam Prince is VP Global Product Management, Compliance and Migration at Sage.