The GDPR for tax consultants: The most important answers

In May 2018, the new EU General Data Protection Regulation (GDPR) came into force. In the event of non-compliance, there is a risk of high penalties as well as a loss of customer confidence. Our free whitepaper addresses the five most important questions about the GDPR for tax advisors.

GDPR for tax advisors – overview:

  1. Significance of the GDPR for tax consultants
  2. Scope of stored data
  3. Particularly relevant articles in the law
  4. Steps to GDPR compliance
  5. Efficient implementation of measures

1. What does the GDPR mean for tax consultants?

The term “personal data” covers all information relating to an identified or identifiable natural person. “Identifiable” in this context means any data that can be assigned to a natural person, such as name, date of birth or gender.

2. What personal data does my firm hold?

Nearly all correspondence between tax firms and their clients contains personal or other sensitive data. At the same time, clients now expect digital exchanges to take place alongside traditional communication channels. Often, unencrypted e-mails and free online services are used for this purpose, which, however, do not meet the GDPR requirements. Many firms thus expose themselves and their clients to a high risk of data loss.

This goes unnoticed until a security vulnerability becomes known or stolen data, including its origin, turns up on dubious portals, as has happened time and again in the past. In the case of personal data, this not only means a loss of reputation but also, as a rule, a significant fine of up to 10 million euros or 2% of global sales, depending on the size of the company.

3. Which articles of the GDPR are particularly relevant for tax advisors?

When communicating with clients, a number of articles of the GDPR are specifically relevant for tax advisors, such as:

  • Article 15 – Right of access
    Clients have the right to know, upon request, which of their personal data a tax advisor uses and for what purposes.
  • Articles 33, 34 – Obligation to report
    Tax advisors must report security incidents to the relevant authorities and also to the affected clients within 72 hours of becoming aware of them.

4. What steps are required to be GDPR compliant?

On the basis of the PIPEFORCE checklist, you can check in which areas your tax firm is already GDPR-compliant. Two examples from the whitepaper:

  • Transport encryption
    You implement technical measures that ensure an appropriate level of protection. This primarily means transport encryption of e-mails or exchanging documents via a secure platform.
  • Server location Germany
    If you communicate by e-mail, you can ensure that the e-mail providers of both the firm and the client are located in Germany. If you exchange information via a platform, you can ensure that the platform is operated and hosted in Germany.

5. How can the requirements be implemented efficiently in my firm?

With regard to fines, it is important that the GDPR requirements are fundamentally complied with in client communications and that the respective activities are documented. However, it is equally relevant for the profitability of a firm that the requirements are implemented efficiently and that the corresponding solutions are accepted by clients. The following practical tips will support you in this objective:

Download the complete whitepaper on the GDPR for tax advisors

In our free whitepaper, we go into detail about the points mentioned here and provide you with a complete checklist for implementation in your firm:

Download the GDPR whitepaper now!
