
It's almost here...are you ready for GDPR?


Unless you've been hiding in a cave for the last six months (or perhaps just haven't noticed the recent influx of 'update your preferences' emails in your inbox) you'll know that the General Data Protection Regulation (GDPR) is about to come into effect.


GDPR comes into force on 25th May 2018. In the UK it supersedes the Data Protection Act 1998, and it aims to bring data privacy rules into the modern era of online business and social media.


If your business collects, stores or processes the personal data of individuals in the EU (and yes, that includes people in the UK, both now and after Brexit, since the government has committed to keeping these rules in UK law), you will be affected by the new laws.


So, with the deadline looming - and potentially exorbitant penalties for non-compliance - we've put together a quick reminder of the main rule changes to make sure you have your house in order.



What GDPR will change - and how you need to respond


Primarily, GDPR aims to give customers greater control over their personal data, while encouraging more transparency from the businesses that hold it.


You can read a full guide to the regulations on the ICO website, but here are the main highlights:


Your business must have a ‘legal basis’ for storing and using an individual’s data


Under the regulations there are six lawful bases for processing personal data: consent, contract, legal obligation, vital interests, public task and legitimate interests. Consent is the one most businesses are focusing on because of their marketing lists, but it is not always the right choice. Much of what an accountant or supplier does with client data rests on contract or legal obligation (for example, keeping the records HMRC requires), and in those cases you should not ask for consent you do not need, because consent can be withdrawn at any time.


Where you do rely on consent, you'll need to be able to show that your customers or prospects gave it freely, for a specific purpose, and by a clear affirmative action. That is why so many businesses are now hurriedly sending opt-in emails to their subscriber bases.


Crucially, consent under GDPR requires a positive opt-in. Pre-ticked boxes or any other kind of default consent are not acceptable - so if that's how you obtained your data in the first place, you'll need to refresh your customer consents immediately, and from now on keep a record of who consented, when, how and to what.



Your business must document its data processes and procedures


As well as gaining consent for the use of personal data, you'll need to start documenting the way in which it is used in your business. It's not sufficient simply to comply with GDPR - you need to be able to demonstrate your compliance at any given moment.


Under Article 30 of the GDPR, most organisations are therefore required to maintain a record of data-processing activities, covering the purposes of processing, the categories of data and recipients, any data sharing, and retention periods. There is an exemption for organisations with fewer than 250 employees, but it falls away if the processing is more than occasional, is likely to pose a risk to individuals, or involves special category data - so in practice most businesses that hold client or employee records should keep the record anyway.


You'll also need to put written contracts in place with organisations that process personal data on your behalf, and you'll need to establish a facility for recording and reporting any data breaches. Breaches that are likely to put individuals at risk must be reported to the ICO within 72 hours of your becoming aware of them, so the recording process needs to work quickly.



Your business must prepare for individuals' enhanced rights


Under the existing Data Protection Act, individuals already have the right to access the information you hold on them and to have it corrected. GDPR goes further: it shortens the time you have to answer an access request to one month and, in most cases, removes the fee; it adds rights to data portability and to object to processing; and it gives individuals the right to have their data erased altogether in certain circumstances, known colloquially as the 'right to be forgotten'.


You'll need to have procedures in place to accommodate these new rights, and you'll likely also have to update your privacy policy as part of the customer's right to be informed.


At the point of collecting their data, you'll need to tell people why you are processing it (and on which lawful basis), how long you'll be keeping it and who it will be shared with. GDPR stipulates that this information must be concise, transparent, intelligible and easily accessible, and that it must use clear and plain language.



What about the data you share with your accountant?


Like any business and any accountant, we are bound by GDPR too - so it's our duty to ensure the data you share with us is kept secure and used only in accordance with your permissions.


As a Xero partner, however, we also recognise that we effectively invite you to share your personal data with Xero. Thankfully, you can rest assured that Xero is well ahead of the GDPR game.


Indeed, Xero has been busy implementing a range of measures ahead of the 25th May deadline, including making changes and improvements to the product itself.


If you'd like to know more about Xero's approach to GDPR compliance, and how it keeps all your data safe and secure, just visit


Inform Accounting - Sutton Coldfield cloud-based accountants serving forward-thinking businesses in the West Midlands and across the UK. If you're in need of a new accountant with a refreshing approach to client relations, get in touch today on (0121) 667 3882 or email us at .


Read more of Inform's tax blogs:

Being ready for making tax digital

Making Tax Digital: Why you need to prepare for the big tax shake-up now...

An introduction to cloud security

How cloud accountants can improve your business performance

How to prepare management accounts using Xero


Speak to one of our specialist accountants today!

If you’d like to know more about how we can support your wealth management, we’re happy to help.