We recently ran research amongst Keytime customers, which found that almost a quarter still feel in the dark about elements of the General Data Protection Regulations (GDPR) changes, with 23% of those polled saying that they aren’t aware that Data Protection laws are soon set to change. With just four months to go, the Keytime team is urging all small practices to get up to speed with GDPR and make any necessary changes in time.
We asked customers for their thoughts in a bid to understand the greatest GDPR challenges currently facing accountancy practices. The research, which surveyed 280 Keytime customers – predominantly those in small practices or sole practitioners – found that while some progress is being made, there are still areas that accountants feel uncertain about and underprepared for.
On the plus side, most practices have made the vital first step by appointing a data protection lead for the business. More than two-thirds (68%) of firms say they have designated someone for the role, proving that most accountants are moving, or at least starting to move, in the right direction to deal with GDPR and ensure they are compliant.
Yet where small practices seem to falter, is lacking confidence in how to handle the day-to-day demands of GDPR. Many feel torn over whether their teams can manage what is expected. At present, just 56% feel their employees can apply the principles of personal data protection; almost half (48%) believe their company can demonstrate the necessary basis to hold the client data in its systems; yet just 42% have procedures in place to detect, report and investigate a data breach.
Our GDPR whitepaper provides lots of useful information about how to prepare and is available to download here.
In considering the new rights protected under GDPR, our customers ranked the top three most likely to pose the biggest challenges to implement, as:
• The individual’s right to know the information you hold on them (62%)
• The individual’s right to be forgotten (erase the information held on them (38%)
• The individual’s right not to be the subject of automated decisions and profiling (32%).
For small practices, adopting the requirements of GDPR will mean re-evaluating a lot of basic, daily tasks and habits; including online security, sharing information with clients, and using cloud storage. Our research flags that this will be an issue, with 27% of customers either sharing system login details or not having any login details to access their systems. Almost half (46%) currently share information with clients on paper; 58% predominately use paper to store client information within the practice; and a further 42% are using multiple databases to secure client data.
There we have it, our own customers – representative of the thousands of small practices out there – are experiencing real challenges and concerns about GDPR. Yet the countdown is on and there is no option but to take the use and storage of data seriously, or run the risk of crippling fines. If you’re a customer that took part in our survey, or if any of the findings ring true with your own experiences, don’t be daunted; there is still time to dig deeper into what the legislation means and the practical steps you can take to be fully compliant by 25th May.
Find out more about GDPR with online training. Our on-demand, video training series will take you through GDPR, your obligations and steps you will need to take to prepare for May.