GDPR - How we manage client data
What is GDPR?
The GDPR is the ‘General Data Protection Regulation’ and came into force on 25 May 2018. It is an overhaul of existing EU legislation on data protection, not new rules.
It’s hard not to have noticed the commencement of this new data protection law.
We have made a full review of our data acquisition and retention processes and are satisfied that we meet the criteria set out in this regulation.
Before requesting data from clients, we ask them to consent to our use of their data.
Any client data we hold is stored digitally. No manual files are kept. Any digital records are protected by passwords and we have the latest antivirus software installed on all computers. We only use this information to fulfil our responsibilities as your accountants when we submit returns to HMRC and Companies House.
Clients are legally allowed to view this data in its entirety, and to make clear the levels of profiling or direct marketing they will permit. Individuals can also request deletion of all data held on them.
However, our legal obligations to HMRC come before an individual’s ‘right to be forgotten’ under GDPR. This means we should hold data for at least 6 years to satisfy HMRC’s requirement for us to retain records for this period.
If you have any queries on how your data is managed and stored, please do not hesitate to contact your accountant directly or email email@example.com