Protecting your data – how we comply with the General Data Protection Regulation (GDPR).
As an accountancy and business advisory firm, we are already subject to clear rules and standards when it comes to protecting the privacy of our clients’ and business contacts’ personal data and ensuring we have robust measures in place for processing data in a secure and protected manner.
Purposes for which we process data
As an accountancy and business advisory firm, we process personal data to perform the accountancy and advisory services we provide to our clients (individuals, companies and organisations) and to keep them (and other interested parties) informed about our marketing events, newsletters and legal service updates.
As an organisation, we process personal data in relation to our staff (and associated family members), others who provide business services to us and those who visit our offices.
Parties with whom we may share data
As an accountancy and business advisory firm, we only share personal data with a third party where they are involved in supporting us in providing the services we have agreed to provide you or in keeping you informed about our services.
As an organisation, we only share data in relation to our employee or business contacts, where this is necessary.
What we do to meet the requirements of the GDPR
We audit data held in our key business functions to continually improve how we process personal data.
We only share data with third parties when there is a clear need to do so.
We work with those third parties to ensure that this data is passed to them in a secure manner.
We maintain an ongoing staff training programme to make sure that your personal data is processed safely.
We communicate through our website and contracts to ensure people are aware of what we do with their data and how to contact us if they have any queries regarding this.
We continue to do all we reasonably can to protect our IT systems infrastructure and telecommunications systems, together with the business and personal data we process. This includes hardware safeguards, access controls, solutions for combating spam, malware and viruses, as well as monitoring software and carrying out regular tests to check the defences we have in place against a cyber-attack.
Where we use software or computing services provided by third parties, we seek to agree standards of data care and security in common with our own. Where that is not possible, we satisfy ourselves that they understand the obligations on them to protect our data and process it in a lawful manner. In some instances, the use of these services will involve the movement of data to and from countries outside of the UK and EEA.
We respect the value and importance of your data. The GDPR provides a positive framework that we have utilised to ensure that we employ best practice and streamline processes within our organisation.
Please do not hesitate to contact us at firstname.lastname@example.org should you have any queries regarding our approach.