Business and Industry | Future Ready | Technology

What the GDPR means for accountants

You’ve probably heard by now that regulators from the European Union and the EU parliament have passed new regulations designed to protect personal privacy, called the General Data Protection Regime (GDPR). This broad-based pro-consumer regulation grants significant privacy rights to citizens of the EU and requires an ongoing commitment to protecting sensitive data. May 25 was only the official beginning of this work-in-progress that’s focused on individual privacy rights. Its full measure is that of being an ongoing effort to protect sensitive data, casting a wide net with an unprecedented international reach.

There are 28 member countries in the European Union. Basically, if a company or organization does business with anyone who is a citizen of the EU, that entity is subject to these new privacy standards and regulations. This may or may not apply to your firm or accounting practice, but most likely you have a number of clients that must now play within these GDPR guidelines.

According to Sage, of all departments within a business, the accounting department is perhaps hit least by GDPR preparations and requirements. A good rule of thumb is that, unless the accounting data is linked to an individual, then there should be no issue.

Bottom line, CPAs will need to better understand the legislation and what GDPR means for small businesses. Click here for details on the MACPA’s GDPR educational sessions. For additional information on GDPR and information security learning opportunities, please contact the MACPA.

The GDPR’s force extends well beyond existing data protection measures. How will the GDPR benefit individuals in the EU? The intention is to provide more control over how data on individuals is used -- and also place certain obligations on companies and organizations that process personal data of EU residents.

While the GDPR may seem a bit heavy-handed to some, businesses in the United States that fully commit themselves to GDPR compliance will be better-prepared for future regulations that may materialize in response to the past problems at Anthem, Equifax, Target, Facebook, and Chili’s (not to mention the next big data scandal that can hit the news at any time).

The real-world impacts won’t really be known for some time. In fact, EU members are not even in total agreement about what the GDPR’s results will be and what it will truly mean for each country.

Perhaps you’ve seen some new data confirmation emails these past couple of weeks. Here’s an example (from Forbes) of a Privacy Statement that supports GDPR. If you’ve not done so already, today’s a great day to find out how you need to adapt to these new regulations.


“You have to fight for your privacy or you lose it.”--Eric Schmidt


Rob Nance