The UK’s privacy regulator has called on accountants to play a key role in ensuring the country’s SMEs are compliant with rigorous data protection laws.
The Information Commissioner’s Office (ICO) said that research from 2021 revealed that around a third (34%) of smaller businesses trust their accountants for advice, while a fifth (20%) use these firms to keep abreast of developments in data protection and the GDPR.
It’s unclear what size of organization qualifies as an SME, according to the ICO.
The regulator published a series of questions for accountants to ask of their SME clients in order to enhance compliance across the small business community:
- How much does your client know about data protection compliance and the ICO?
- What types of personal information do they collect on a daily basis?
- Why are they holding this information?
- What security measures do they have in place to protect this data?
- Do they have a customer and employee-facing privacy notice?
- Do they know what a subject access request (SAR) is?
- Would they know what to do if their organization suffers a breach?
“SMEs have a lot to think about when running a business and it’s natural that they rely on their professional network for guidance as they look to grow their business. Accountants are a key part of this network and it’s clear from our engagement with SMEs that many of them are reliant on their accountant to ensure their business dealings are compliant with data protection laws,” argued ICO head of business services, Faye Spencer.
“We’re encouraging accountants across the UK to recognize the role they play and the value that they can add when it comes to offering peace of mind to clients running their own businesses.”
The long-term plan for the ICO is to help SMEs self-assess their compliance with data protection laws via a new SME Data Essentials scheme. It is currently piloting the scheme with 60 SMEs as part of a three-year ICO25 plan to reduce compliance costs whilst empowering SMEs to innovate and grow.