How do I integrate and automate securely, in line with GDPR?
The moment you start moving data between systems – especially client data – you need to pause and ask yourself, is this safe? And is it compliant? AIRPA’s software handles all that for you, with a secure, enterprise-grade single logon approach everyone can afford – but whichever system you use, there are certain questions you need to ask.
The coming into effect of the EU’s general data protection regulation (GDPR) in the spring of 2018 seems a lifetime ago, given all that’s happened since. You might remember, though, that for many organisations, it felt like the end of the world.
Panicked by a lack of clarity over what client information they were allowed to store, many deleted mailing lists they’d spent decades building, or asked people to opt in again, taking a belt-and-braces approach.
Three years on, the dust has settled to a great degree – and culture secretary Oliver Dowden has also signalled his intention to withdraw the UK from GDPR in the wake of Brexit.
Nonetheless, the experience has made its mark. We’re now all much more conscious of how our own data is stored and used – not least because of those annoying cookie consent pop-ups that every website is obliged to serve – and of how we store and use our clients’ data.
With that in mind, you might instinctively feel that integrating multiple databases and applications is a data compliance risk.
If a client agrees that you can store their email address for the purposes of sending a monthly newsletter, for example, are you breaching the terms of that agreement if you pull that data into, say, Xero, or a third-party dashboard?
In most cases, though, integrating systems has improved transparency over the client data held by organisations and made GDPR compliance easier.
How integration helps with data security
AIRPA provides the option to search client records across all your systems and see all the results in a single dashboard. It does that using an enterprise-grade single sign-on tool, Okta, which gives smaller firms the same level of security and authentication usually reserved for the big boys.
The single logon and dashboard are not only helpful in managing your clients but also take a lot of the pain out of subject access requests (SARs).
Through an SAR, anybody can ask to see the information an organisation holds on them. If your systems aren’t integrated, that can be a challenging job requiring manual searches of multiple databases – and even then you might not catch everything.
For example, these days, nobody ought to be storing phone numbers and email addresses in clunky old spreadsheets but, unfortunately, it still happens. However, as long as those documents are fully indexed and searchable via the cloud, they’ll show up in the AIRPA search results.
For accountants in particular, one particularly smart feature of AIRPA solves the problem of how you comply with both GDPR (the right to revoke permission for a third party to hold your data) and the statutory obligation for limited companies and self-employed people to retain their financial data for several years.
If one of your clients asks for their information to be permanently removed from your records, you can relinquish access to their data directly from your dashboard. This won’t delete anything but instead transfers control of their account to them. It’s then up to the client to manage or delete the data, as appropriate.
AIRPA also makes it easy to keep records up to date – another key principle in personal data management. Because the client information page pulls together the latest information from across your systems, all properly matched and mapped, you can quickly find every instance of, say, their postal address and update it universally.
Finally, our ‘export all data’ function means you can instantly produce a personal data report for any client that requests it, along with all files and attachments associated with that client.