How does GDPR affect finance teams?
The implications, responsibilities and how to make compliance easier
The long-awaited GDPR deadline of 25th May has required organisations to prepare their compliance strategies in line with both the specific and more general principles of the directive.
At the heart of GDPR is data privacy and protection for individuals, and the legislation’s purpose is to put privacy rights centre stage.
Accordingly, it requires organisations across Europe to ensure that data privacy is ‘designed’ into business operations through clear policies and procedures.
New rules on accountability also mean that harsher penalties can be imposed on those that transgress.
Far-reaching implications
The new GDPR rules affect almost every department in the business.
- Finance teams must take measures to keep sensitive finance documents secure, and maintain a record of transactions
- IT departments across the EU have been tasked with tightening up network security
- Marketing teams must find different ways to target and communicate with prospective customers
- HR departments must safeguard personal data of job applicants and of current and former employees
- Senior managers must understand and accept their responsibilities and be accountable for their actions
GDPR responsibilities of finance teams
The finance team of any business organisation deals with the most sensitive data. Not just sales and profit, but employee salaries and banking details, payment details of suppliers and bank details of customers.
It’s an absolute goldmine of information for hackers.
GDPR-compliant protection of this highly sensitive data requires new policies, processes and procedures, and new levels of personal vigilance and responsibility on the part of staff. It’s particularly important as much of this data is held in different places, such as on on-premise servers and PCs, in the cloud and in paper filing cabinets – even in desktop paper trays.
With GDPR, the processes that generate and process this data in its various forms need to be examined and improved.
Where GDPR requires process change
Document management is at the heart of every finance department. At every stage of the process from generation to capture, storage and retrieval, GDPR means new measures must be taken.
For organisations that generate, receive or process large volumes of paper invoices and purchase orders, this is a particular headache.
Let’s look at a few of the key ways in which GDPR will impact on this:
Generation, receipt, processing and approval of documents
Whatever stage the finance document goes through, care must be taken to safeguard its security so that personal details are kept secure.
Secure document archiving
Paper documents containing personal data must be archived securely, for instance by being kept in a locked cabinet. Archives may be held in a single location or across multiple sites and must be secured to prevent unauthorised access.
Customer right of access
Customers (and other individuals such as employees, contractors and suppliers) have the right to request copies of any documents and any data that is held on them. When requested to do so, organisations must retrieve this data from archive and supply it to the requester.
Right of removal
Individuals may also request that any and all data and documents held on them or about them are destroyed (obviously subject to statutory accountancy rules). In any event, all such data must be covered by an accessible privacy policy, which states how long the data will be retained, after which it will be destroyed.
Transaction trails
Organisations must keep records of what data they process and how they process it, and be able to report on this processing.
Making GDPR compliance easier
The potential burden of these new rules will be significant, and for organisations that use paper documents in their finance processes, the impact on overall business efficiency is likely to be considerable.
However, help is at hand.
GDPR compliance for finance teams shouldn’t just be about changing or improving existing paper-based finance processes.
It offers an opportunity to introduce electronic document management. By converting manual, paper-based finance processes to online and cloud-based processes, there are massive time and cost savings to be made.
Zetadocs for NAV can automate many manual finance processes such as invoice delivery, sales order processing, payments and collection management, statement delivery, expense management and approvals.
In addition, Zetadocs radically speeds up reporting, archiving and retrieval processes – and automatically retains a complete record of all processing transactions.
Check out Zetadocs for yourself here. Or alternatively, email sales@equisys.com.
To read more about our own broader GDPR commitment, click here, or view our updated privacy policy here.