    The Countdown to GDPR – Will you be ready?

    March 16th marks ten weeks left before the May 25 deadline for the European Union’s (EU) General Data Protection Regulation (GDPR). GDPR unites all of Europe with one data protection law, replacing the prior European Commission’s Data Protection Directive and the UK’s Data Protection Act of 1988. Ian Singer, the lead IT Assurance Partner for UK CPA firm PKF Littlejohn, explained, “Most of the data protection laws are 20 years old. Clearly the world has changed radically in that time, particularly with digital marketing.”

    Much like the recent update to the U.S. tax law, GDPR is a lengthy law with a great deal of grey area left to interpretation. One thing that is crystal clear is how enormous the penalties outlined in the law are: they range up to 20 million Euros or 4% of annual global revenue. Another clear aspect of the law is that it applies to any company that captures or manages data regarding citizens of the EU, regardless of where the company is based.

    The core concept of GDPR is individual rights. The law gives citizens of the EU greater control and ownership of personal data that businesses capture, and outlines the rights of the citizen pertaining to that data. These individual rights include:

    • The right to be informed – Ensures consumer data isn’t collected without the individual being notified
    • The right of access – Provides citizens with previously unwarranted access to personal data collected by an organization
    • The right to rectification – Allows users to correct misinformation if noticed in collected data as part of the “right of access”
    • The right to erasure – Also known as the “right to be forgotten,” giving citizens the ability to terminate a business relationship and all associated records under pressing circumstances.
    • The right to restrict processing – Should individuals wish to pause a business relationship rather than take the “erasure” route, they can halt personal data collection and analysis
    • The right to data portability – Transfers all data ownership to the individual, meaning businesses cannot hold data “hostage” and restrict data from being viewed by other organizations (competitors, for instance) should the individual wish for it to be shared.

    Demonstrating Compliance

    Many U.S. companies have been caught in an extreme time crunch attempting to comply with this law’s requirements by May 2018. If you haven’t performed your due diligence yet, how do you begin?

    Frazier & Deeter’s Process, Risk & Governance Partner Gina Gondron suggests, “Look at what you are already doing to protect consumer data. It’s an overwhelming law and standard to some, but when you peel back the layers, the purpose is how you are handling the data of your customers. It’s not something that should be that foreign.”

    Gondron also notes that organizations with SOC reports (System and Organization Controls Report) have an excellent starting point to use as the basis for their GDPR compliance.

    In order to demonstrate compliance, consider these steps:

    1. Get an outside expert to help you review and map your existing data management controls
    2. Identify gaps, especially in the area of the right to be forgotten
    3. Identify a Data Protection Officer
    4. Review data breach notification procedures, or develop them if not already in place
    5. Develop employee training materials specific to managing customer data

    Given the lack of guidance and any sort of certification, organizations that may be challenged under the new law need to be able to demonstrate an attempt to comply.

    As Singer puts it, organizations should be ready to “show you have a process you are following, and that you are taking a serious view of this. You should be having good conversations, with the right people, including your Data Protection Officer. At the heart of those conversations you must have the rights of the individual, not the company.” The concept of privacy by design, rather than as an afterthought, is the goal.

    Have questions about your status and how to proceed with this rapidly approaching compliance deadline? Listen to our webcast, or talk to one of our data protection advisors.

