Stories from Practice

3 December 2018

Worried about the GDPR? Call your accountant! by Marcel Vulpoi from CECCAR

The EU General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in 20 years. Businesses are on the hook to comply with new data handling procedures. Can a business turn to its accountant for GDPR support? One multi-service accountancy firm in Romania is tackling its clients’ GDPR needs, and in doing so, becoming more than just their accountants.

Marcel Vulpoi, general manager of Vulpoi & Toader Management, describes how providing a GDPR service is a natural step in creating a ‘one-stop-shop’ for his clients.

SMEs struggle with the GDPR

The GDPR is completely new. Only 20% of businesses in Romania have heard of it, so a first challenge was to convince people of the importance of being prepared. Once they understand the consequences of ignoring the GDPR – fines and penalties and also how data breaches can damage reputation – they quickly recognise the value GDPR compliance. Once businesses are on board, often they struggle to know what steps to take. This is especially true for SMEs, who lack the resources in-house.

As an accounting practice, we already have full access to our clients; we have a deep understanding of their businesses, we know them inside and out, we know their weak points and strong points. We already provide a host of complementary services, such as lawyers, archiving, HR and IT, so our customers, some of whom have worked with us for 14 years, trust us 100% with their information.

We’re now more than just accountancy specialists to our clients, we’re trusted business advisors. With the explosion of ‘overnight specialists’ in the GDPR, it’s important that businesses, and SMEs in particular, engage reputable consultants they trust.

Lead by example

Our GDPR goal was to provide our clients with a ‘one-stop-shop’. So firstly, we looked inwards – if you’re going to offer GDPR compliance as a service, you should lead by example. We looked at our resources and structure, and we found we needed to fine-tune everywhere, updating software and finding new ways to protect data. We started to train relevant people before the GDPR entered into force and we’ve collaborated with reputable law and technical (IT/business processes) professionals. The technical and organisational solutions we implemented mean that we are now fully compliant.

The mentality that the GDPR is not for you or that you can do it yourself is wrong. That was the most important realisation, both for us and our clients. After performing an internal analysis and putting into operation the relevant remedies in our own organisation, it became easier to explain GDPR readiness to our clients and get the change mentality we desire. We now offer a series of GDPR related services that can be tailored to a client’s need, big or small.

Accountancy firms can effectively move into a support role for businesses struggling to comply with the GDPR. With this shift, we have expanded the role we can play for our clients and see many opportunities for this service to grow, especially with SME clients.

 

 


Connect with
the author on 

Related content

BlogGDPR one year on: its impact on auditors and accountants?

13 May 2019

PublicationGDPR: implications for auditors

6 December 2018

Consultation responseEC’s consultation on VAT in the digital age

30 March 2022

EventIntellectual property for accountants – train the adviser

25 March 2022

UpdateSME Update

24 March 2022

PublicationHow IP can help build risk resilient SMEs

24 March 2022

PublicationWar in Ukraine – what European accountants need to know

9 March 2022

In the mediaAccountancy Europe & the EUIPO: working together to support and guide SMEs

1 March 2022

UpdateSME Update

25 February 2022

PublicationVAT rates – greater flexibility for Member States

14 February 2022

Consultation responseEC’s consultation on Listing Act: support for ambitious simplified SMEs prospectus

3 February 2022

PublicationSupply chain sustainability assessment

28 January 2022

EventBecause Green Recovery Counts

27 January 2022

Consultation responseIAASB’s Exposure Draft on a New Standard for Audits of Less Complex Entities

26 January 2022

UpdateSME Update

21 January 2022

PublicationOur SME work: 2020 and 2021

21 December 2021

EventTrain the Advisor: Become an IP Expert for SMEs

16 December 2021

UpdateSME Update

10 December 2021

In the mediaSustainability reporting: why should SMEs care?

3 December 2021

EventA Global Solution for Auditing Less Complex Entities

19 November 2021

Consultation responseEU Taxonomy and Article 8 Delegated Act implementation need clarity

17 November 2021

UpdateSME Update

5 November 2021

Sign up for our newsletter

* indicates required
Would you like to subscribe to our newsletter?
On which topics would you like to receive news?