What about GDPR? - The Book-keepers Forum (UK)

Leger · Master Book-keeper

What about GDPR?

Artois · Guru

Hi John

Must admit I have known about it for a while but have just been putting it off, gonna have a good read up on it and see what is needed.

At the moment all my correspondence is done via email or post

Cheers

Leger · Master Book-keeper

Same here Doug, but email wherever possible.

Kinbuck · Senior Member

Leger wrote:
Cheshire wrote:
What about GDPR?
Wahey!! First time I've seen it mentioned on here. Are we all geared up ready to fly? I'm planning on implementing it properly from the start of April, but there's still some confusion as to exactly what is entailed.
So far, I know that I have to get all my clients to opt into me sending them emails, that confidential data (and that includes payslips) can't be sent by email unless the data is encrypted first, and that your website needs to have some sort of GDPR statement on it, akin to a privacy statement.

I've been mentioning it to my clients and I see their eyes glaze over...as have mine trying to understand/take it in wink Think I best get looking for a statement template to use as it's fast approaching

Casu · Senior Member

Statement template?

Artois · Guru

Been reading up on the ICO website and just putting this link on for others to have a look through

https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/

Leger · Master Book-keeper

Thanks Doug, that's helpful.

Cheshire · Master Book-keeper

Casu wrote:
Statement template?

Hi Janet

I would be interested in what you mean by this as well as Casu

Do you mean the email disclaimer or something else?

Cheshire · Master Book-keeper

Hi John
Was half expecting you to have put something on about this wink

Have to admit to not really started it yet. I have a fabulous glossy booklet that arrived at one of my clients from their governing body (garages) so am going to be using that when I get the next bout of insomnia! It was the VAT 700 guide last time (2007!) so maybe I need to set some time aside for it.

I clocked the link on Moneysoft to the third party in their news item, almost offered to trial it but glad I didnt as I have no time. I was utterly gobsmacked to see the fees being suggested for that third party company, mentioned on that Aweb thread - OMG there are some software houses, including the well known ones, jumping on the lets screw accountants and businesses/print our own money bangwaggon that is GDPR, MTD and the VAT not being able to do via the software so you need to upgrade malarky.

To stpo the scare mongering - you dont need to do ANY of what they are just saying now! Encryption can be via other means, although I might just say - my software doesnt produce payslips like HMR's own software - so just make up your own. That or offering a hand delivery service wink biggrin confuse . For VAT - do it via HMRC, ie just logon at least until the next numpty idea of MTD comes into being! MTD - no-one knows yet so stop blithering panicking (thats not to you John as I know you arent! wink ).

Leger · Master Book-keeper

Cheshire wrote:
Hi John
Was half expecting you to have put something on about this

He he I was going to leave it until March but seeing as you'd mentioned it twice in one week I thought there's no time like the present.

GDPR starts on 25th May, but even the ICO haven't got the final details sorted yet, so I'm hanging on a while. As I said in the opening post, I'm planning on implementing it at the beginning of April.

But the hype has already started. I've seen 3 facebook ads this last week about GDPR, two of which will no doubt wanting expensive fees (the other was an accountant with a link to a website blog, which I should have saved and didn't cry )

Just reading up now on consent, and it's equally possible that I myself have fallen for some of the hype. (legitimate interests article 6 (1) (f) for example) Will look into it in some more detail over the next 4 weeks I think and put a framework together as to what exactly will be required of us.

I'm assuming Janet means a website statement template. If one is necessary I will post mine here for discussion first and, if it's fine to use, then anyone is welcome to use it.

Kinbuck · Senior Member

Cheshire wrote:
Casu wrote:
Statement template?
Hi Janet
I would be interested in what you mean by this as well as Casu
Do you mean the email disclaimer or something else?

Apologies for the delay (didn't get notifications for this one, oops)

Yes, I meant for email and website. Trying to put things into plain English isn't always easy for a Geordie Lass so it'll take me a while to get it right biggrin

Cheshire · Master Book-keeper

Whereabouts in Geordieland?

I switched notifcations off as they drove me mad, but them I just come on here daily as the unread items show up. Although now I come to mention it - I think there is a response very much overdue to someone on here about disposals - oops. Maybe later!

Kinbuck · Senior Member

Cheshire wrote:
Whereabouts in Geordieland?

I switched notifcations off as they drove me mad, but them I just come on here daily as the unread items show up. Although now I come to mention it - I think there is a response very much overdue to someone on here about disposals - oops. Maybe later!

I lived in Jarrow until I was married. I've lived in Scotland for the last 25 years but I haven't lost my accent and I still have occasional nights out on the Toon smile

I'm still finding my way round the forum...and I can lose hours reading posts biggrin

Cheshire · Master Book-keeper

Ahhh, I have a pal who lives in Whitley Bay so not a million miles away from where you were!

I dread to think what embarassing moments you are dredging up with your reading! wink biggrin

Kinbuck · Senior Member

Cheshire wrote:
Ahhh, I have a pal who lives in Whitley Bay so not a million miles away from where you were!

I dread to think what embarassing moments you are dredging up with your reading!

Used to go to Whitley Bay quite a bit and I used to swim in the sea at nearby Cullercoats bay every Sunday morning from Mar - Oct no matter what the weather. I was hardy in those days :)

Some of it makes quite entertaining reading. I particularly liked the conversation about the cakes you supply and the delivery van being intercepted...you're mad you lot biggrin biggrin

ps think I probably make a better cook than bookkeeper, but don't tell my clients

MarkS · Expert

I am sure there will be more detail about what we need to do over the next month or so. Already this week have received about 6 invites to webinars/downloads about GDPR.

As far as I am aware the following are the key points

1. You need to know where all personal data is stored for clients. Ours is mainly held in IRIS our accounts software and docusoft our document management software. But for many accountants they will hold info across many mediums eg; in hard copy files, spreadsheets, accounts software, etc.

2. You need to encrypt personal information you are sending to clients. We are covered for final accounts/tax as we use Hellosign to get things digitally signed but send payroll and draft accounts/tax by email so will need to get some encryption software (probably will get sharefile which is going to cost us £80 + VAT per month).

3. If you auto market to clients/prospects you need to reinvite them to opt in to approve you. We are moving to Active Campaign in next couple of months and was going to request opt in from everyone anyway.

There will be other miscellaneous things like terms on websites and footer emails but the above is I believe the main things to be aware off.

Suspect that most general businesses wont do anything differently.

VinceH · Expert

£80 a month just to encrypt some emails? FFS! I hope it does a LOT more for the money than just that - but that's the context in which you mentioned it.

John: IIRC you use Thunderbird. If so (and for anyone else who also uses it), here's how to add digital signing and encryption FOC: support.mozilla.org/en-US/kb/digitally-signing-and-encrypting-messages

I haven't done this myself, but obviously I'll have to - but probably more fun will be getting other people to do it. (Conversation with someone a few months ago. I thought it would be a good idea to mention the two issues to them - MTD and GDPR - because I hadn't heard them mention them once. They looked completely blankly back at me, and admitted they hadn't even heard the terms before.)

Cheshire · Master Book-keeper

Kinbuck wrote:
Cheshire wrote:
Ahhh, I have a pal who lives in Whitley Bay so not a million miles away from where you were!

I dread to think what embarassing moments you are dredging up with your reading!
Used to go to Whitley Bay quite a bit and I used to swim in the sea at nearby Cullercoats bay every Sunday morning from Mar - Oct no matter what the weather. I was hardy in those days :)
Some of it makes quite entertaining reading. I particularly liked the conversation about the cakes you supply and the delivery van being intercepted...you're mad you lot
ps think I probably make a better cook than bookkeeper, but don't tell my clients

Lol, now you know why I say welcome to the madhouse sometimes to the newbies! You have to be absolutely stark faving bonkers to do this job furious

If you find the original post about the van - the one with the piccie, then please send me the link as I cannot seem to find it!

Cheshire · Master Book-keeper

Hi Mark
Can you not use hellosign for any PDF? Only pondering - not looked at it!

PS - Did you ever get your glasswear last year?

Leger · Master Book-keeper

VinceH wrote:
£80 a month just to encrypt some emails? FFS! I hope it does a LOT more for the money than just that - but that's the context in which you mentioned it.

John: IIRC you use Thunderbird. If so (and for anyone else who also uses it), here's how to add digital signing and encryption FOC: support.mozilla.org/en-US/kb/digitally-signing-and-encrypting-messages

I haven't done this myself, but obviously I'll have to - but probably more fun will be getting other people to do it. (Conversation with someone a few months ago. I thought it would be a good idea to mention the two issues to them - MTD and GDPR - because I hadn't heard them mention them once. They looked completely blankly back at me, and admitted they hadn't even heard the terms before.)

To be fair to Mark that looks a pretty comprehensive kit, and will cost him around £4 a client. It's an encrypted portal, that allows clients to both send and receive documents instead of using email. I'm looking at something similar but not as comprehensive called the client space. Its around £17 a month inc VAT and gives me 100gb space. The client will log in and receive or send any data they want to. Primarily it's for web and graphic designers but will easily fit the bill I think. Going to start a 15 day trial on 15th March and if it suits will sign up for it.

I've looked at the link Vince but I think PGP will be beyond most of my clients.

MarkS · Expert

VinceH wrote:
£80 a month just to encrypt some emails? FFS! I hope it does a LOT more for the money than just that - but that's the context in which you mentioned it.

Yes, basically it can do 3 things

1. Encrypt emails

2. Store documents online

3. Provide client portal for electronic signing

We really only need point 1 sorted as have the other 2 covered elsewhere and dont want to change.

I was at a 2020 seminar today in Edinburgh and another system called "Egress" was mentioned that does something similar. However 2020 and Proactivtax, both of which I am a member off both recommend Sharefile, so that's good enough for me.

I have trialled Sharefile in the past (about a year ago) and have a revisit demo set up for tomorrow but it is easy to use and we need to get something in place or we wont be compliant.

The £80 per month cost covers 5 employees accounts. We currently have 5 employees who will need to use it and have 2 others starting in the next few months which will cost another £16 so £96 for 7 employees per month although another cost will be something we will need to pay for.

MarkS · Expert

Cheshire wrote:
Hi Mark
Can you not use hellosign for any PDF? Only pondering - not looked at it!

PS - Did you ever get your glasswear last year?

Yeah we use Hellosign to get final accounts/tax etc electronically signed which are sent as PDFs. However we like to send drafts by email so we can add some comments eg change in sales, profit and the reasons, tax liability due and when, balances in the balance sheet eg DLA. We have template emails set up for different scenarios so easy enough to use the template and change the figures where appropriate.

Yes, got award done last year. Sits in my office. With hindsight would have removed the "2016" as looks dated now. Attach pic.

Cheshire · Master Book-keeper

MarkS wrote:
Cheshire wrote:
Hi Mark
Can you not use hellosign for any PDF? Only pondering - not looked at it!

PS - Did you ever get your glasswear last year?
Yeah we use Hellosign to get final accounts/tax etc electronically signed which are sent as PDFs. However we like to send drafts by email so we can add some comments eg change in sales, profit and the reasons, tax liability due and when, balances in the balance sheet eg DLA. We have template emails set up for different scenarios so easy enough to use the template and change the figures where appropriate.
Yes, got award done last year. Sits in my office. With hindsight would have removed the "2016" as looks dated now. Attach pic.

What, you had to get your own award done?!!!

Mind you, it looks good!

MarkS · Expert

Cheshire wrote:
MarkS wrote:
Cheshire wrote:
Hi Mark
Can you not use hellosign for any PDF? Only pondering - not looked at it!

PS - Did you ever get your glasswear last year?
Yeah we use Hellosign to get final accounts/tax etc electronically signed which are sent as PDFs. However we like to send drafts by email so we can add some comments eg change in sales, profit and the reasons, tax liability due and when, balances in the balance sheet eg DLA. We have template emails set up for different scenarios so easy enough to use the template and change the figures where appropriate.
Yes, got award done last year. Sits in my office. With hindsight would have removed the "2016" as looks dated now. Attach pic.
What, you had to get your own award done?!!!
Mind you, it looks good!

Yeah, never received anything and when I asked if you would didnt get a reply. So ended up just getting one done myself.

Princess · Senior Member

I've read this with interest. I use Moneysoft and was a bit concerned about the payslips so I called the ICO. They said that as long as the payslips are password protected they can continue to be emailed as before. No need for encryption, just password protection.

BudgetB · Guru

Good to see another HelloSign user! We started using it at the end of last year, oh my goodness it has streamlined the signing of accounts and tax returns so much!!

We already use Moneysoft (although I would pay double for an online version happily as it's now our only non cloud based system) so we've been pushing the passwords for payslips thing for a while.

We've got 2SV now set up on everything that it can be, and I'm looking at Dashlane or something similar to deal with passwords for our various logins.

My only hurdle left, I think is the draft accounts/tax calcs etc. I'll have to have a look into some of the suggestions in this thread I think. I don't really know what the best way forward is to be honest.

That said, a list tailored to accountants of exactly what we have to do would be really helpful as it just seems to be working off peoples interpretations all the time, so you get a different opinion depending on who you speak to!

VinceH · Expert

"That said, a list tailored to accountants of exactly what we have to do would be really helpful as it just seems to be working off peoples interpretations all the time, so you get a different opinion depending on who you speak to!"

To be fair, while GDPR is an EU-wide thing, it does go hand in hand in the UK with the new Data Protection Bill (the latter deals in some respect with UK-specifics with the GDPR - other countries should have their own equivalent). So until the DPB has passed into law (I think it's only just gone through its second reading in parliament), interpretations are likely to vary, and will be opinion-based. The two need to be taken together.

morgwick · Senior Member

Hi sorry to gatecrash,

Been a while since I was last on here. I run a small bookkeeping practice, part-time.

I was just wondering, do you have to physically resend contracts to all existing clients? I don't do marketing, so no opt in required. I've updated the security in the office and the privacy policy, which I have asked customers to familiarise themselves with.
All new customers will have a new updated contract to sign, but curious about the existing ones?

Thanks
Gill

Cheshire · Master Book-keeper

morgwick wrote:
Hi sorry to gatecrash,

Been a while since I was last on here. I run a small bookkeeping practice, part-time.

I was just wondering, do you have to physically resend contracts to all existing clients? I don't do marketing, so no opt in required. I've updated the security in the office and the privacy policy, which I have asked customers to familiarise themselves with.
All new customers will have a new updated contract to sign, but curious about the existing ones?

Thanks
Gill

Covered in the other thread methinks

Cheshire · Master Book-keeper

Did you find it Gill?

I couldnt link it in last night!

Can you remind me - what body you are with? (or if QBE, what tpye of work you do?) Answer dependent on that.

morgwick · Senior Member

Thanks Joanne, yes had a look at the other thread. I think its all as clear as mud

I'm not with a body, I work alongside an accountant and don't get involved with tax etc, I just dealing with the paperwork to TB etc.

Cheshire · Master Book-keeper

morgwick wrote:
I think its all as clear as mud

Know what you mean confuse

Most of the prof bodies as I understand it have not yet fully re-written their new Letters of Engagement, in part because the guidance from ICO was changing daily, plus the Act was only given Royal Assent on 23rd May with it coming into Law on 25th. So they rightly wanted time to make their full assessments of the law, based on the actual law, rather than the guesses and half assumptions around before 25th. One body has specifically stated that it will be mid summer before their fully revised letters will be available.

In the menatime they suggest that you do an addendum document to cover off the privacy issues etc. Or you may need to do such where someone refuses to sign a new document (lets face it some of them take an age to sign them in the first instance!). Ive done that for mines, plus a seperate data processor agreement where required (eg for if you process payroll, such is good practice. Ive also done the processor agreement for those I do invoicing for.)

Hope that helps at least a little bit!