Skip to main content

Confirming customer confidentiality

Using a cloud-based accounting solution such as Big Red Cloud will ensure your financial data is accessible and secure, but it is equally important to take measures to protect other sensitive information.

Data protection is a fundamental right set out in Article 8 of the EU Charter of Fundamental Rights, which states that everyone has the right to the protection of their personal data and that such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned, or some other legitimate basis laid down by law. 

Organisations must have a lawful reason to process personal data, for example for the purposes of carrying out a contract.

Coming clean crucial

Data controllers are obliged to notify the Data Protection Commission (DPC) of any personal data breach, unless they are able to demonstrate that the personal breach is unlikely to result in a risk to a person’s rights and freedom.

Even when the breach is not notified to the DPC, controllers must record the basic details of the breach, the assessment of the breach, its effects, and the steps taken in response.

In instances where a breach might result in risk to the rights and freedom of data subjects, the controller must make a notification to the DPC no later than 72 hours after they became aware of it. They should be able to demonstrate when and how they became aware of the breach and how they assessed the potential risk.

Protecting your data

Accountants understand concepts such as confidentiality and privacy and can take the lessons they have learned from protecting client data and pass this onto their clients. One of the most effective measures for protecting client data is securing mailboxes, which in the typical organisation might contain many years’ worth of financial information.

Clients will be reassured by obvious signs that a firm takes data protection seriously, for example by making sure that computers are password protected and sensitive areas of the building are secured. Physical measures are an important part of building trust.

Proactive communication to clients about the security of your data and GDPR compliance will stand you in good stead – don’t wait for them to ask.

Trust the cloud

While companies will always be responsible for their own data security, partnering with a company that can add extra layers of protection while updating cybersecurity on their behalf takes some of the pressure off.

In the past, some businesses have been reluctant to trust cloud providers with their company information but in the last few years, service providers have worked hard to prove that the cloud is built on trust and that the industry will fail if they let their customers down.

It is important to remember that everyone has a role to play in protecting sensitive data. This approach enables cloud providers to focus on the integrity of their hardware and software solutions while ensuring that users of their services take their security responsibilities seriously.