General Data Protection Regulation

 In Information, Legislation

I was recently having a chat with one of our clients, and one matter that came up in the conversation is how unfortunate it is that we in Britain seem to take everything so very literally.

For example, when the European Union made a law that the greengrocers of this country could no longer sell their produce in pounds and ounces, we proceeded to arrest, charge, and convict a number of shop owners and market traders for so doing, and as a result they all got criminal records. 

I think that if we had been France, Spain, or Italy, we would have enthusiastically welcomed this new rule in the hearing of our EU colleagues, and then proceeded to do absolutely nothing about it in practice. At the very least we might have found some excuses to take no action on it until the market traders had got used to using kilogrammes.  Perhaps, at the same time, we could have applied for an EU subsidy to help everyone to pay for metric weights!

As things stand at the moment, even though we are (supposedly) leaving the European Union, we still have to comply with European Law, and in particular the Data Protection Regulation which takes effect from May 2018. Most probably, like metric weights, our officials will enforce European Legislation to the letter.

Here, for the record, is our policy on clients’ data.

All information that we have on clients is normally provided by the clients themselves, and it is kept on our files so that we can efficiently produce Tax Returns, Payrolls, VAT Returns, Annual Accounts and other such documents.

Occasionally we might be asked to provide details of the taxable income of our clients for the purpose of raising finance, and of course we will be absolutely happy to do so on request.  We also have to provide a certain amount of data regarding our clients to the ACCA and to our insurers for professional regulation, however that kind of data is limited to statistical figures on how many clients we have, what is our average fee, what fee we charge to our largest client, and the like.  All such data is provided anonymously.  We would not even dream of making a list of the clients of the Practice and selling it to any third party.

We may have specific tax related questions to deal with which are outside our normal experience, and if such matters arise we refer to Tax Consultants.  Similarly if matters of financial planning and investment advice arise on which we are not specialists, we have a Chartered Financial Planner who we refer to.  Once again, no information concerning our clients would be provided to such people without their permission.

Finally, we also have to provide information regarding clients to the authorities such as H M Revenue and Customs and Companies House for the completion of official documents.  Failure to do so on our part would cause penalties to be charged.  H M Revenue and Customs and Companies House are of course bound by The Official Secrets Act, and would be in severe trouble if they passed on any information about any clients affairs without authorisation.

The authority form that our clients sign for H M Revenue and Customs to discuss their affairs with us extends to the business affairs of our clients only.  They do not extend to any personal matters involving their employees.

For example, we were asked recently to make deductions from somebody’s payroll in settlement of what appeared to be a Government debt on the part of an employee.  We were not allowed to know what the debt consisted of or how it had arisen. That information is personal to the employee concerned and is not allowed to be shared with his employer or his employer’s Accountant.

Traditionally, up till now data has been stored by ourselves in physical correspondence files.  Since going over to online software, we now process the accounting records for our clients “on the cloud”, which is a secure means of storage to which only the client and ourselves have access.

Going forward, we shall be keeping data on cloud storage so that we do not have to rely on physical files anymore, and it is hoped that we will soon have a paperless office. 

ACTION POINT

We suggest that if you are holding any data on members of the public, for example a list of customers, that you take appropriate advice as to what you should or should not do with customer data.

More on this later.

–  Stephen Handley

Recent Posts

Leave a Comment