The EU General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in 20 years. Businesses are on the hook to comply with new data handling procedures. Can a business turn to its accountant for GDPR support? One multi-service accountancy firm in Romania is tackling its clients’ GDPR needs, and in doing so, becoming more than just their accountants.
Marcel Vulpoi, general manager of Vulpoi & Toader Management, describes how providing a GDPR service is a natural step in creating a ‘one-stop-shop’ for his clients.
SMEs struggle with the GDPR
The GDPR is completely new. Only 20% of businesses in Romania have heard of it, so a first challenge was to convince people of the importance of being prepared. Once they understand the consequences of ignoring the GDPR – fines and penalties and also how data breaches can damage reputation – they quickly recognise the value GDPR compliance. Once businesses are on board, often they struggle to know what steps to take. This is especially true for SMEs, who lack the resources in-house.
As an accounting practice, we already have full access to our clients; we have a deep understanding of their businesses, we know them inside and out, we know their weak points and strong points. We already provide a host of complementary services, such as lawyers, archiving, HR and IT, so our customers, some of whom have worked with us for 14 years, trust us 100% with their information.
We’re now more than just accountancy specialists to our clients, we’re trusted business advisors. With the explosion of ‘overnight specialists’ in the GDPR, it’s important that businesses, and SMEs in particular, engage reputable consultants they trust.
Lead by example
Our GDPR goal was to provide our clients with a ‘one-stop-shop’. So firstly, we looked inwards – if you’re going to offer GDPR compliance as a service, you should lead by example. We looked at our resources and structure, and we found we needed to fine-tune everywhere, updating software and finding new ways to protect data. We started to train relevant people before the GDPR entered into force and we’ve collaborated with reputable law and technical (IT/business processes) professionals. The technical and organisational solutions we implemented mean that we are now fully compliant.
The mentality that the GDPR is not for you or that you can do it yourself is wrong. That was the most important realisation, both for us and our clients. After performing an internal analysis and putting into operation the relevant remedies in our own organisation, it became easier to explain GDPR readiness to our clients and get the change mentality we desire. We now offer a series of GDPR related services that can be tailored to a client’s need, big or small.
Accountancy firms can effectively move into a support role for businesses struggling to comply with the GDPR. With this shift, we have expanded the role we can play for our clients and see many opportunities for this service to grow, especially with SME clients.