Accountancy Europe: GDPR - implications for auditors

06 December 2018

Statutory auditors regularly process personal data obtained from their clients. They are therefore directly impacted by the General Data Protection Regulation (GDPR) that entered into force in May 2018.

This publication aims to clarify what role auditors play under GDPR, i.e. whether they act as data controllers or as data processors. This distinction matters as the responsibilities allocated to each role are different. 

Accountancy Europe concludes that in principle, statutory auditors qualify as data controllers. For non-statutory audit services, Accountancy Europe encourages practitioners to analyse the processing of personal data on a case-by-case basis to determine whether they will be considered data controllers or data processors. Respective role and responsibilities should be stated in the engagement letter.

Full press release

© Accountancy Europe