The European Union Agency for Network and Information Security (ENISA) published guidelines to help SMEs to adopt a risk-based approach for the security of the personal data they process.
The EU’s General Data Protection Regulation (GDPR) requires businesses acting as data controllers or data processors to ensure the security of personal data through a risk-based approach. E.g. higher risks should lead to more rigorous measures.
However, ENISA acknowledges that SMEs might not always have the necessary expertise and resources to adopt such an approach. Its guidelines aim therefore to facilitate SMEs in understanding the context of the personal data processing and to assess themselves, through a questionnaire, the associated security risks. ENISA also proposes possible organizational and technical security measures which can be adopted by SMEs in order to achieve compliance with the GDPR.
Small and medium practitioners are advised to take note of these guidelines and to use them to prepare themselves for the entering into force of the GDPR on 25 May 2018.
The UK’s Information Commissioner’s Office (ICO), the authority that upholds information rights in the UK, fined Norfolk County Council (Norflok) for non-compliance with data protection rules.
As part of an office move, Norfolk got rid of some furniture, including filing cabinets that were used by the children’s social work team. Norfolk did not have a written procedure to determine who was responsible for emptying the cabinets, which did not occur. As a result, one person buying some of the furniture got case files with sensitive information.
ICO found that Norfolk did not have appropriate measures in place against unauthorised processing of personal data and against accidental loss or destruction of personal data. Norfolk received a penalty of £60,000.
This case shows the importance of having proper data protection procedures, regardless of whether you are in the cloud or using paper files.
In a new report, the OECD focuses on how technology can be a powerful tool for tax authorities to identify tax evasion and fraud.
The study looks at how technology can be used to address electronic sales suppression and false invoicing, as well as issues related to the cash and the sharing economy. Moreover, the report provides real examples of tax authorities that achieved successes in preventing and detecting tax evasion and fraud through the use of technology solutions.
For example, Quebec (Canada) recovered EUR 822 million in taxes following the introduction of sales recording modules into the restaurant industry. The module reduced the time required to audit a restaurant from 70 to 3 hours. As a result, the tax authority increased the number of inspections from 120 to 8000 per year. The authors also point out the benefits for business, which can now be audited electronically and remotely.
The authors hope that the report will encourage other tax authorities to consider whether the same approach may be effective in their jurisdiction.
As announced in the CMU Action Plan, the European Commission has published its public consultation on FinTech. The consultation seeks stakeholder input to further develop and inform the Commission’s policy approach towards technological innovation in financial services, in particular on:
The stakeholder feedback will be crucial in steering the Commission’s approach and principles on FinTech. It will also enable the Commission to map which associations within the EU bubble are willing and able to be a solid partner in the EU approach towards FinTech.
The deadline for answering to the consultation is on 15 June.
A group within the Delaware State Bar Association’s Corporation Law Section has proposed to allow the use of distributed ledger technology (DLT) to create and manage corporate records.
The proposed legislation is still in an early stage of adoption. The Corporation Law Section first needs to approve the bill before it can even be formally introduced in the Delaware General Assembly.
However, it is not the first time that Delaware is considering the use of DLT in company law. The US State already started experimenting with the use of DLT to register companies, track share movements, and manage shareholder communications.
If successful, this type of legislative experiments might influence EU legislation and the profession’s work.
The European Commission published its Digital Economy and Society Index (DESI). This tool seeks to measure the digital performance of EU Member States in a variety of areas, ranging from connectivity and digital skills to the digitisation of businesses and public services.
Overall, the EU improved its digital performance compared to last year. The top performers are Denmark, Finland, Sweden, and the Netherlands. To find out how your country performs, please click here.
In May, the Commission intends to carry out a mid-term review of its Digital Single Market Strategy in order to identify where further efforts may be needed.
The European Commission released its 2017 Rolling Plan on ICT Standardisation. This plan provides an overview of EU policy areas in need for ICT standards.
There are different areas in which ICT standardisation activities are relevant for the accountancy profession. This includes:
The Rolling Plan on ICT Standardisation is complementary to other instruments, such as the annual Union work programme. It does not provide a comprehensive overview of the work programmes of the various standardisation bodies.
The Institute of Chartered Accountants in England and Wales released a publication on big data and data analytics. In it, three broad questions are addressed: i) What’s creating big data? ii) What are the opportunities and risks? iii) How do we exploit it?
Accountants can exploit big data and analytics in different ways. For example, they can improve the efficiency and quality of audit activities through analysis of whole data sets or use more sophisticated outlier and exception analysis to improve internal control and risk management.
However, the authors warn that this would require greater knowledge in the theory and practice of statistics than many accountants currently have. They believe accountants would need to acquire at least enough knowledge to be an ‘intelligent buyer’.
The Chartered Institute of Public Finance and Accountancy released an opinion on the social consequences of the increasingly dominant role of technology. One of the authors core statements is to look at what robots can do better, and focus people on doing the things that humans do best.
By 2030, robots or smart machines are forecast to have an IQ higher than 99% of humans. The Bank of England estimates that, by then, up to 15 million jobs in Britain – almost half – will be at risk of being lost. (John Thornton)
The piece with dramatic title prefaces with comparing a 2013 report that concluded that 47% of jobs would be susceptible to automation within the next 20 years with a latest report which not only supports the 2013 report but also suggests the jobs are already lost and unlikely to come back. The authors objective is to conclude and provide an overview of the debate on “whether or not robots are going to take our jobs”.
What lends the NBER report added authority is it doesn’t rely on modelling to predict what robots are likely to do to jobs in the future, but on hard data to look at what robots are already doing to jobs in the present.(Greg Jericho)
Brian Forde, the Senior Lecturer for Bitcoin and Blockchain at MIT and former White House senior advisor answers nine questions about Blockchain-based solutions and their potential to make government operations more efficient and improve the delivery of public services, while simultaneously increasing trust in the public sector. In summary, digital technologies reduce transactional frictions among buyers and sellers in commercial markets, while governments still lack behind. Blockchain technology must be supported by a collaboration between the public and private sector in developing smart standards and regulation. Mr Forde believes that the absence of legacy financial systems in rapid growth countries will allow blockchain innovation to take place much faster.