News

SUBSCRIBE to our weekly e-mail (with live links) for just €5 per month
+++++++++++++++

ELEC Paper: Why EU Capital Markets Union has become a “must have” and how to get there -Feb 2024

My collected papers - 1989/1993: Market Discipline in EMU

Public Information

Expand

Graham Bishop Consultancy

Friends of GrahamBishop.com

Brussels 4 Breakfast

CPD / Education and Learning

Graham Bishop - Biography

Graham's Blogs

Graham's Media Activities

Graham's Speeches

Graham's Writing

Press Resources

Photographs

My `pro bono' work

How you can support this work

Why my `pro bono' work is relevant to markets

Technical Difficulties

Privacy Policy

Terms and Conditions

Tweets by @GrahamBishopcom

Follow @GrahamBishopcom

Article List:

EBF key messages to ...
Insurance Europe: Mo...
Accountancy Europe: ...
IFAC and FERMA: GDPR...
Insurance Europe: Ti...
Insurance Europe: In...
EU stimulates digita...
>>Accountancy Europe: ...
Insurance Europe: In...
Insurance Europe: EU...
Commercial Risk Euro...
European Commission ...
Commercial Risk Euro...
Preventing misuse of...
Insurance Europe: La...

Home>Protecting Customers>General Data Protection

Print Page Save to My Library <Next Article Previous Article>

13 May 2019

Accountancy Europe: GDPR one year on - its impact on auditors and accountants?

It’s been one year since the EU’s GDPR required all organisations processing data to review and adapt their documents and procedures. What the GDPR means in practice has been the topic of intense debate. Accountancy Europe aims to clarify what the GDPR means for auditors and accountants.

For statutory auditors, safeguarding their clients’ personal data is crucial, as their independent expert opinion provides trust to our financial infrastructure. In forming an opinion on companies’ financial statements, auditors process private data on a daily basis and therefore, must comply with the GDPR.

This is why statutory auditors need to identify which role they play under the new legislation: whether they are data processors or data controllers, as the responsibilities allocated to each role are different.

EU law requires auditors to be independent from their clients. This means that auditors determine why they need to use personal data and how this data is processed or stored. Because of this independence, auditors need to be considered data controllers under the GDPR.

In practice, this means that auditors need to set up a privacy policy to clarify their role and responsibilities as data controllers. They also need to notify their clients of this, by including a data protection clause in the engagement letter.

When not performing statutory audits, accountants should analyse the service they provide to determine whether they function as a data processor or data controller. They can do this by asking themselves: “as service provider, do I have any control over the purposes and the means of processing these personal data?”

If the answer is “no”, accountants and accountancy firms are acting as a data processor. In this case, they are acting on behalf and under detailed instructions of the data controller. For example, when clients control what, why and how accountants can process their personal data.

Full blog

© Accountancy Europe

< Next Previous >

Key
Hover over the blue highlighted text to view the acronym meaning
Hover over these icons for more information

Comments:

No Comments for this Article

Add new comment

Show name and company details

Follow Us

News

Public Information

Article List:

13 May 2019

Accountancy Europe: GDPR one year on - its impact on auditors and accountants?

© Accountancy Europe

Key

Comments: