020 7213 9911
Merry Christmas to all. Please note our office is closed on Thursday, 14th December and from 5pm on 21st December for Christmas, reopening on 2nd January.

HAT Group, making accountants count

ICO asks accountants to support SME clients with data protection

In a recent publication the Information Commissioner’s Office (ICO) is asking  accountants to step up in helping their SME clients navigate the existing (and future) complex data protection legislation.

The ICO says “UK accountants should recognise the crucial role they play in helping their SME clients establish the correct data protection practises from the day their business is established.”

General Data Protection law (GDPR) sets out what businesses should do to make sure they are looking after people’s “personal data.  Research carried out by the ICO in 2021 found that

  • 34% of SMEs trust their accountants for advice on this area , and
  • 20% actively use their accountant to keep them up to date on GDPR. 

“Highly regulated professionals, such as accountants, often have a better knowledge of the regulatory landscape as a whole to ensure their own and their clients’ compliance,” says Faye Spencer, Head of Business Services at the ICO. “However, we’re not asking accountants to be experts – that’s our job – but any mention of the ICO to their SME clients can be extremely useful to ensure they have knowledge of how we, too, can assist in their data compliance. 

The article also sets out seven key questions for accountants to ask SME clients about data protection compliance:

  1. How much do clients know about data protection compliance and the ICO? 
  2. What types of personal information will they collect on a day-to-day basis?
  3. Encourage them to ask ‘why’ they are holding this personal information.
  4. What security measures do they have in place? 
  5. Do they have a privacy notice? 
  6. Do they know what a subject access request (SAR) is? 
  7. Do they know what to do if their business has a personal data breach? 

The answers to these questions are provided here.

Whilst HAT are not GDPR experts we have developed a “GDPR – Understanding your responsibilities” course as an introduction and/or refresher for all staff working in your practice. Full details of this on demand course are here.