{"id":4245,"date":"2018-04-18T10:00:16","date_gmt":"2018-04-18T09:00:16","guid":{"rendered":"https:\/\/www.sage.com\/en-gb\/blog\/?p=4245"},"modified":"2026-01-29T10:38:50","modified_gmt":"2026-01-29T10:38:50","slug":"gdpr-readiness-plan","status":"publish","type":"post","link":"https:\/\/www.sage.com\/en-gb\/blog\/gdpr-readiness-plan\/","title":{"rendered":"GDPR readiness plan: 5 steps for accountants to help clients"},"content":{"rendered":"<header class=\"entry-header has-dark-background-color entry-header--has-illustration entry-header--has-illustration--generic\">\n\t<div class=\"container\">\n\t\t<div class=\"entry-header__row row align-center\">\n\t\t\t<div class=\"col col-lg-7 col-xlg-6 entry-header__content\">\n\t\t\t\t\t\t\t<div class=\"component component-single-header\">\n\t\t\t\t\t\t\t\t\t\t<div class=\"entry-header__misc text--subtitle text--uppercase text--small\">\n\t\t\t\t\t\t\t<a href=\"https:\/\/www.sage.com\/en-gb\/blog\/category\/strategy-legal-operations\/\" class=\"entry-header__link\">Strategy, Legal &amp; Operations<\/a>\t\t\t\t\t\t<\/div>\n\t\t\t\t\n\t\t\t\t<div class=\"entry-title-wrapper\">\n\t\t\t\t\t<h1 class=\"entry-title\">\n\t\t\t\t\t\tGDPR readiness plan: 5 steps for accountants to help clients\t\t\t\t\t<\/h1>\n\t\t\t\t<\/div>\n\n\t\t\t\t\t\t\t\t\t<p class=\"entry-header__description\">\n\t\t\t\t\t\t\t\t\t\t\t<\/p>\n\t\t\t\t\n\t\t\t\t\n\t\t\t\t\n\t\t\t<\/div>\n\n\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t<\/div>\n\t<div class=\"single-post-details container\">\n\t\t<div class=\"col\">\n\t\t\t<span class=\"posted-on \"><time class=\"entry-date published\" datetime=\"2018-04-18T10:00:16+01:00\">18 April, 2018<\/time><\/span><span class=\"reading-time\"> min read<\/span>\n\t\t<button\n\t\t\ttype=\"button\"\n\t\t\tclass=\"social-share-button button button--icon button--secondary js-social-share-button\"\n\t\t\tdata-share-title=\"GDPR readiness plan: 5 steps for accountants to help clients\"\n\t\t\tdata-share-url=\"https:\/\/www.sage.com\/en-gb\/blog\/gdpr-readiness-plan\/\"\n\t\t\tdata-share-text=\"Please read this interesting article\"\n\t\t>\n\t\t\t<span class=\"social-share-button__share-label\">Share<\/span>\n\t\t\t<span class=\"social-share-button__copy-label\" hidden>Copy Link<\/span>\n\t\t\t<span class=\"social-share-button__copy-tooltip\" aria-hidden=\"true\" hidden>Copied<\/span>\n\t\t<\/button>\n\n\t\t\t\t<\/div>\n\t<\/div>\n<\/header>\n\n\n\n<div class=\"wp-block-post-author has-dark-background-color alignfull\">\n\t<div class=\"container\">\n\t\t<div class=\"col\">\n\t\t\t\t\t\t\t<div class=\"co-authors\">\n\t\t\t\t\t\n\t\t<div class=\"entry-author-wrapper\">\n\t\t\t<a class=\"entry-author\" href=\"https:\/\/www.sage.com\/en-gb\/blog\/author\/staceymcintosh\/\">\n\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"40\" height=\"40\" src=\"https:\/\/www.sage.com\/en-gb\/blog\/wp-content\/uploads\/sites\/10\/2018\/11\/Stacey-McIntosh-350-1.jpg\" class=\"entry-author__image\" alt=\"\" \/>\t\t\t\t<span class=\"entry-author__name\">Stacey McIntosh<\/span>\n\t\t\t<\/a>\n\n\t\t\t\t\t<\/div>\n\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t<\/div>\n<\/div>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<div class=\"video-container-wrap -mode-full\"><div class=\"video-container\"><video\n\t\t\t\tclass=\"sage-video video-js vjs-default-skin \"\n\t\t\t\twidth=\"640\"\n\t\t\t\theight=\"360\"\n\t\t\t\tdata-setup='{ \"controls\": true, \"aspectRatio\" : \"16:9\", \"poster\": \"https:\/\/img.youtube.com\/vi\/Q6D6nLX8P1w\/maxresdefault.jpg\", \"techOrder\": [\"youtube\"], \"enablejsapi\": 1, \"origin\": \"https:\/\/www.sage.com\", \"sources\": [{ \"type\": \"video\/youtube\", \"src\": \"https:\/\/www.youtube.com\/watch?v=Q6D6nLX8P1w\"}], \"youtube\": { \"ytControls\": 0, \"cc_load_policy\": 3, \"modestbranding\": 1, \"hl\": \"en_GB\", \"playsinline\": 1 } }'\n\t\t\t\tcrossorigin=\"\"><\/video><\/div><\/div>\n<\/div><\/figure>\n\n\n\n<p>It\u2019s only a matter of weeks before the <a href=\"https:\/\/www.sage.com\/en-gb\/blog\/what-is-the-gdpr\/\">General Data Protection Regulation<\/a> (GDPR) comes into force. On 25 May 2018, your accountancy practice <a href=\"https:\/\/www.sage.com\/en-gb\/blog\/gdpr-guide-accountants\/\">will need to be GDPR compliant<\/a>. As an accountant, your clients may also turn to you for advice on preparing for the new legislation. A GDPR readiness plan can help.<\/p>\n\n\n\n<p>Small and medium-sized businesses will be focusing on running and growing their firms and a part of that involves them relying on their network for guidance. As an accountant, you\u2019ll play a key role in this, which is why offering the necessary advice on <a href=\"https:\/\/www.sage.com\/en-gb\/gdpr\/\">the GDPR<\/a> will be vital for them.<\/p>\n\n\n\n<p>To assist your clients in their GDPR preparations, you will need to go through a few steps to determine what they need to do and how you can help them.<\/p>\n\n\n\n<p>By using a GDPR readiness plan, you can work with your clients to help them take the actionable steps required to make sure they are compliant. However, there\u2019s also a benefit for your practice in this too: the plan will help you to identify opportunities to offer additional services to your clients.<\/p>\n\n\n\n<p>Follow these steps to create GDPR readiness plans for your clients and it\u2019s worth working closely with them to implement the plans within their businesses.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-1-ask-questions\"><strong>1. Ask questions<\/strong><\/h2>\n\n\n\n<p>Start by finding out <a href=\"https:\/\/www.sage.com\/en-gb\/blog\/gdpr-12-important-things\/\">what your clients know about GDPR<\/a> \u2013 have they heard of the legislation? Are they starting to put plans in place to be compliant? Have they heard about the GDPR but are ignoring it as they want to focus on building their businesses? Or do they know exactly what they are doing but need some help to be fully prepared?<\/p>\n\n\n\n<p>Once you know the answers to these questions, you can start to build a plan. Other questions worth asking include the following:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Have you mapped out the processes across your business that will involve personal information?<\/li>\n\n\n\n<li>How is data stored at your business \u2013 what is digital and what is hard copy?<\/li>\n\n\n\n<li>Who has access to the data that is stored at your business?<\/li>\n\n\n\n<li>How will you make sure all employees are aware of GDPR and can comply with it?<\/li>\n\n\n\n<li>How will you make sure your suppliers are compliant with GDPR?<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-2-determine-the-goals-of-the-gdpr-readiness-plan\"><strong>2. Determine the goals of the GDPR readiness plan<\/strong><\/h2>\n\n\n\n<p>Use the answers that you\u2019ve obtained from the questions asked with your clients on where they are with their GDPR preparations to build the goals for the plan.<\/p>\n\n\n\n<p>For example, you might find that your client is close to being ready for the GDPR but needs help with an <a href=\"https:\/\/www.sage.com\/en-gb\/blog\/gdpr-staff-data-management\/\">awareness campaign for their employees<\/a>, so they know about the legislation and what it means for their roles.<\/p>\n\n\n\n<p>By taking this step, you will also determine which aspects of the GDPR matter most to their business. Remember, this isn\u2019t a simple box-ticking exercise \u2013 it needs to be focused to draw clarity on any <a href=\"https:\/\/www.sage.com\/en-gb\/blog\/gdpr-what-employers-need-to-know\/\">GDPR privacy risks<\/a> that your clients may face.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-3-create-a-data-strategy\"><strong>3. Create a data strategy<\/strong><\/h2>\n\n\n\n<p>This is a really important step as it will help your clients to understand the types of data they need to hold, who it\u2019s about, how it will be processed in a way that is GDPR compliant and the necessary investment to make sure it\u2019s possible to deliver on this strategy.<\/p>\n\n\n\n<div class=\"single-cta\">\n\t<div class=\"single-cta__positioner\">\n\t\t<div class=\"single-cta__wrapper has-dark-background-color\">\n\t\t\t<div class=\"single-cta__content\">\n\t\t\t\t\t\t\t\t<h2 class=\"single-cta__title h3\">GDPR webinar<\/h2>\n\n\t\t\t\t\t\t\t\t\t<div class=\"single-cta__description\">\n\t\t\t\t\t\t<p>Join us for a live webinar so you have a better understanding of GDPR, which came into force on 25 May 2018, and learn about how the legislation can benefit your business.<\/p>\n\t\t\t\t\t<\/div>\n\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<a\n\t\t\t\t\t\thref=\"http:\/\/sageu.com\/en-gb\/gdpr.html\"\n\t\t\t\t\t\tclass=\"single-cta__button button button--primary\"\n\t\t\t\t\t\t\t\t\t\t\t\t\tid=\"cta-id-4049\"\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tdata-button-location=\"cta_box\"\n\t\t\t\t\t\t\t\t\t\t\t>Find out more<\/a>\n\t\t\t\t\t\t\t<\/div>\n\n\t\t\t\t\t<\/div>\n\n\t\t\t\t\t<img decoding=\"async\" width=\"999\" height=\"666\" src=\"https:\/\/www.sage.com\/en-gb\/blog\/wp-content\/uploads\/sites\/10\/2018\/03\/30521_All-Uses.jpg\" class=\"single-cta__image\" alt=\"Here are five ways to save money for your business\" loading=\"lazy\" srcset=\"https:\/\/www.sage.com\/en-gb\/blog\/wp-content\/uploads\/sites\/10\/2018\/03\/30521_All-Uses.jpg 999w\" sizes=\"auto, (min-width: 48em) 33vw, 100vw\" \/>\t\t\t<\/div>\n<\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-4-determine-the-outcomes-of-the-gdpr-readiness-plan\"><strong>4. Determine the outcomes of the GDPR readiness plan<\/strong><\/h2>\n\n\n\n<p>To be GDPR compliant, a data protection solution needs to be appropriate for an individual business. That means the solution for one business is likely to be different for another. By determining the necessary outcomes, you can help your clients with what they need to do.<\/p>\n\n\n\n<p>There are some key focus areas that need to be considered here:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Governance:<\/strong> Understand what personal data clients hold and how they plan to manage it.<\/li>\n\n\n\n<li><strong>Individual rights:<\/strong> Be clear on what individuals can request and what they have rights over. Set up your processes accordingly to handle these requests.<\/li>\n\n\n\n<li><strong>Breach reporting:<\/strong> Put in place robust incident management procedures to be compliant with the GDPR requirement for reporting data breaches to the regulator within 72 hours.<\/li>\n\n\n\n<li><strong>Reliance on third parties:<\/strong> Data controllers need to understand how their supply chain handles data. The necessary contracts with appropriate clauses, retention periods and audit trails must be in place in time for GDPR enforcement.<\/li>\n\n\n\n<li><strong>Training:<\/strong> Identify what level of training your clients\u2019 employees will require to understand the requirements of the GDPR. HR and marketing departments are two areas of a business that may have more exposure to personal data, so employees working within them might need more training and support.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-5-put-the-gdpr-readiness-plan-into-play\"><strong>5. Put the GDPR readiness plan into play<\/strong><\/h2>\n\n\n\n<p>Once you and your clients have their <a href=\"https:\/\/www.sage.com\/en-gb\/blog\/gdpr-preparation\/\">GDPR plans in place<\/a>, the most important step is to carry them out. GDPR compliance doesn\u2019t simply require that your clients are ready for the date the legislation comes into force, it also means they must be able to demonstrate how their business is collecting, using, retaining, disclosing and destroying personal data in line with the requirements.<\/p>\n\n\n\n<p>Your clients will find their working processes are likely to change in order to be compliant and this is something that needs to be sustained. To make sure they are in line with what\u2019s required of them, they will need:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A clear, documented, risk management framework<\/li>\n\n\n\n<li>Personal data to be kept up to date and accessible in response to data subject requests<\/li>\n\n\n\n<li>To define roles and responsibilities for data privacy \u2013 this must be audited regularly<\/li>\n\n\n\n<li>To create policies, processes and procedures that are well managed and fit for purpose<\/li>\n\n\n\n<li>Transparency with third parties relating to what they\u2019re doing with the company\u2019s data<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-final-thoughts\"><strong>Final thoughts<\/strong><\/h2>\n\n\n\n<p>By taking the time to go through a GDPR plan for your clients, they will be clearer in what they need to do to be ready for the legislation coming into force and can take the necessary steps to change their data processes.<\/p>\n\n\n\n<p>And remember, as an accountancy firm, if your business hasn\u2019t taken these steps yet, it\u2019s worth beginning the process now to prepare for the GDPR.<\/p>\n\n\n\n<div class=\"single-cta gated-content\">\n\t<div class=\"single-cta__positioner\">\n\t\t<div class=\"single-cta__wrapper has-dark-background-color\">\n\t\t\t<div class=\"single-cta__content\">\n\t\t\t\t\t\t\t\t<h2 class=\"single-cta__title h3\">GDPR Guide For Accountants And Bookkeepers<\/h2>\n\n\t\t\t\t\t\t\t\t\t<div class=\"single-cta__description\">\n\t\t\t\t\t\t<p>As an accountant or bookkeeper, it\u2019s important that you have\u00a0a good understanding of what the GDPR means for your practice and your clients. Get up to speed with your free guide.<\/p>\n\t\t\t\t\t<\/div>\n\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<a\n\t\t\t\t\t\thref=\"#gate-e1f7c79f-e3da-4d85-8988-f82685b292f8\"\n\t\t\t\t\t\tclass=\"single-cta__button button button--primary\"\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t>Download your free guide<\/a>\n\t\t\t\t\t\t\t<\/div>\n\n\t\t\t\t\t<\/div>\n\n\t\t\t\t\t<img decoding=\"async\" width=\"999\" height=\"666\" src=\"https:\/\/www.sage.com\/en-gb\/blog\/wp-content\/uploads\/sites\/10\/2018\/02\/SAGE_CROWDSTACKER_061117_0312_All-Uses.jpg\" class=\"single-cta__image\" alt=\"Democratising AI could really benefit your business\" loading=\"lazy\" srcset=\"https:\/\/www.sage.com\/en-gb\/blog\/wp-content\/uploads\/sites\/10\/2018\/02\/SAGE_CROWDSTACKER_061117_0312_All-Uses.jpg 999w\" sizes=\"auto, (min-width: 48em) 33vw, 100vw\" \/>\t\t\t<\/div>\n<\/div>\n\n\n<div class=\"single-cta\">\n\t<div class=\"single-cta__positioner\">\n\t\t<div class=\"single-cta__wrapper has-dark-background-color\">\n\t\t\t<div class=\"single-cta__content\">\n\t\t\t\t\t\t\t\t<h2 class=\"single-cta__title h3\">Subscribe to the Sage Advice newsletter<\/h2>\n\n\t\t\t\t\t\t\t\t\t<div class=\"single-cta__description\">\n\t\t\t\t\t\t<p>Join more than 500,000 UK readers and get the best business admin strategies and tactics, as well as actionable advice to help your company thrive, in your inbox every month.<\/p>\n\t\t\t\t\t<\/div>\n\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<a\n\t\t\t\t\t\thref=\"#gate-b1a63862-3fa0-4a5e-bb67-c76b88bbc6b8\"\n\t\t\t\t\t\tclass=\"single-cta__button button button--primary\"\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t>Subscribe now<\/a>\n\t\t\t\t\t\t\t<\/div>\n\n\t\t\t\t\t<\/div>\n\n\t\t\t\t\t<img decoding=\"async\" width=\"1440\" height=\"810\" src=\"https:\/\/www.sage.com\/en-gb\/blog\/wp-content\/uploads\/sites\/10\/2022\/04\/GettyImages-1073797282-1-1440x810.jpg\" class=\"single-cta__image\" alt=\"\" loading=\"lazy\" srcset=\"https:\/\/www.sage.com\/en-gb\/blog\/wp-content\/uploads\/sites\/10\/2022\/04\/GettyImages-1073797282-1-1440x810.jpg 1440w\" sizes=\"auto, (min-width: 48em) 33vw, 100vw\" \/>\t\t\t<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>It\u2019s only a matter of weeks before the General Data Protection Regulation (GDPR) comes into force. On 25 May 2018, your accountancy practice will need to be GDPR compliant. As an accountant, your clients may also turn to you for advice on preparing for the new legislation. A GDPR readiness plan can help. Small and [&hellip;]<\/p>\n","protected":false},"author":346,"featured_media":3307,"menu_order":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_sage_video":true,"post_featured_image_hide":false,"footnotes":""},"categories":[9],"tags":[117,41],"business_type":[115],"lilypad":[],"context":[],"industry":[],"persona":[67],"imagine_tag":[220,138],"coauthors":[353],"class_list":["post-4245","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-strategy-legal-operations","tag-gdpr","tag-hr-process","business_type-accountants"],"sage_meta":{"region":"en-gb","author_name":"Stacey McIntosh","featured_image":"https:\/\/www.sage.com\/en-gb\/blog\/wp-content\/uploads\/sites\/10\/2017\/12\/GettyImages-527626523_super.jpg","imagine_tags":{"220":"Accountant accounting","138":"GDPR"}},"distributor_meta":false,"distributor_terms":false,"distributor_media":false,"distributor_original_site_name":"Sage Advice UK","distributor_original_site_url":"https:\/\/www.sage.com\/en-gb\/blog","push-errors":false,"_links":{"self":[{"href":"https:\/\/www.sage.com\/en-gb\/blog\/api\/wp\/v2\/posts\/4245","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.sage.com\/en-gb\/blog\/api\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.sage.com\/en-gb\/blog\/api\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.sage.com\/en-gb\/blog\/api\/wp\/v2\/users\/346"}],"replies":[{"embeddable":true,"href":"https:\/\/www.sage.com\/en-gb\/blog\/api\/wp\/v2\/comments?post=4245"}],"version-history":[{"count":0,"href":"https:\/\/www.sage.com\/en-gb\/blog\/api\/wp\/v2\/posts\/4245\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.sage.com\/en-gb\/blog\/api\/wp\/v2\/media\/3307"}],"wp:attachment":[{"href":"https:\/\/www.sage.com\/en-gb\/blog\/api\/wp\/v2\/media?parent=4245"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.sage.com\/en-gb\/blog\/api\/wp\/v2\/categories?post=4245"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.sage.com\/en-gb\/blog\/api\/wp\/v2\/tags?post=4245"},{"taxonomy":"business_type","embeddable":true,"href":"https:\/\/www.sage.com\/en-gb\/blog\/api\/wp\/v2\/business_type?post=4245"},{"taxonomy":"lilypad","embeddable":true,"href":"https:\/\/www.sage.com\/en-gb\/blog\/api\/wp\/v2\/lilypad?post=4245"},{"taxonomy":"context","embeddable":true,"href":"https:\/\/www.sage.com\/en-gb\/blog\/api\/wp\/v2\/context?post=4245"},{"taxonomy":"industry","embeddable":true,"href":"https:\/\/www.sage.com\/en-gb\/blog\/api\/wp\/v2\/industry?post=4245"},{"taxonomy":"persona","embeddable":true,"href":"https:\/\/www.sage.com\/en-gb\/blog\/api\/wp\/v2\/persona?post=4245"},{"taxonomy":"imagine_tag","embeddable":true,"href":"https:\/\/www.sage.com\/en-gb\/blog\/api\/wp\/v2\/imagine_tag?post=4245"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.sage.com\/en-gb\/blog\/api\/wp\/v2\/coauthors?post=4245"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}