Accountancy firms process a lot of information from many customers, have access to a lot of data, and usually work with many administrative staff and with subcontractors or suppliers of IT infrastructure.
We map data management, network management and permissible access for specific persons by conducting an ISO 27001 audit. We check whether access codes change regularly and monitor people who are no longer allowed to consult databases.
Clients of accountants want to be informed about the use, storage, retention periods and destruction of their personal data. For this we rely on the documentation obligation and draw up the necessary contracts, in which the aspects of the GDPR are followed.
The Fair Information Principles
- Are the data lawfully kept?
- Has the basis been established for processing sensitive data?
- Is data sent to countries outside the EEA?
- Do the data comply with all legislation such as the Constitution or Criminal Law?
- Have the data been obtained lawfully?
- Are they allowed to collect certain data?
As DPO, we assist with data management with regard to legality, responsibility, appropriateness, purpose specification, the data set, correctness, being up to date, storage limitation, technological security, organizational security and transparency.