{"id":4504,"date":"2018-06-11T15:32:05","date_gmt":"2018-06-11T19:32:05","guid":{"rendered":"https:\/\/www.sage.com\/en-us\/blog\/?p=4504"},"modified":"2026-02-12T05:21:52","modified_gmt":"2026-02-12T10:21:52","slug":"gdpr-for-finance-professionals","status":"publish","type":"post","link":"https:\/\/www.sage.com\/en-us\/blog\/gdpr-for-finance-professionals\/","title":{"rendered":"GDPR for finance professionals: 3 things you need to know"},"content":{"rendered":"
\n\t
\n\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t\tMoney Matters<\/a>\t\t\t\t\t\t<\/div>\n\t\t\t\t\n\t\t\t\t
\n\t\t\t\t\t

\n\t\t\t\t\t\tGDPR for finance professionals: 3 things you need to know\t\t\t\t\t<\/h1>\n\t\t\t\t<\/div>\n\n\t\t\t\t\t\t\t\t\t

\n\t\t\t\t\t\t\t\t\t\t\t<\/p>\n\t\t\t\t\n\t\t\t\t\n\t\t\t\t\n\t\t\t<\/div>\n\n\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t<\/div>\n\t

\n\t\t
\n\t\t\t
\n\t\t\t
\n\t\t\t\n\t\t
\n\t\t\t\n\t\t\t\t\"Keir\t\t\t\tKeir Thomas-Bryant<\/span>\n\t\t\t<\/a>\n\n\t\t\t\t\t<\/div>\n\n\t\t\t\t<\/div>\n\t\t<\/div>\n\n\n\n

The deadline for compliance with the European Union\u2019s (EU\u2019s) General Data Protection Regulation (GDPR)<\/a> was last month. It affects all businesses and as finance professionals, you need to know what it means for you and your company.<\/p>\n\n\n\n

The focus is on personal data, or data about individuals, and is a significant shake-up<\/a> that affects any sole trader, partnership, corporation, public authority, agency or another body that processes the personal data of individuals who are based in the EU. This includes suppliers and other third parties a company might use to process personal data on their behalf.  <\/span><\/p>\n\n\n\n

Businesses in all industries work with personal data such as contact details, bank account information and National Insurance numbers. These belong to customers, suppliers, sub-contractors, and employees, and must all be secured under the new regulation. <\/span><\/p>\n\n\n\n

Let\u2019s look at three examples of how the GDPR might affect finance professionals<\/a> during their day-to-day work.<\/p>\n\n\n\n

1. Don\u2019t get caught out by international transfers<\/strong><\/h2>\n\n\n\n

Regulatory compliance might be viewed by many as an administrative burden. However, ignoring the GDPR or getting it wrong could have costly repercussions.<\/p>\n\n\n\n

A serious GDPR infringement is the failure to observe the requirements for international transfers \u2013 if the data is being transferred to a country outside the EU that isn’t deemed to have adequate security levels. It’s these things that can incur the really hefty fines under the GDPR.  <\/span><\/p>\n\n\n\n

The GDPR continues the general prohibition on sending personal data outside the European Economic Area to a country that does not provide adequate protection.<\/p>\n\n\n\n

At the time of writing, the countries deemed by the European Commission to provide \u201cadequate\u201d protection are: US companies that self-certify to the European Union-US Privacy Shield arrangement (note: this does not mean the US as a country is considered to provide adequate protection), Andorra, Argentina, Canada (limited to PIPEDA), Faroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland and Uruguay.  <\/span><\/p>\n\n\n\n

Where no adequacy decision exists, transfers can only be made in limited circumstances, including on the basis of consent, the use of standard contractual clauses published by the European Commission or, in the case of inter-company transfers, the use of Binding Corporate Rules. <\/span><\/p>\n\n\n\n

2. Do you need <\/strong>a data protection officer<\/strong>?<\/strong> <\/span><\/h2>\n\n\n\n

The supervisory authority can impose a fine of up to 4% of annual global turnover, or \u20ac20m, whichever is greater. However, there’s a two-tier system in play.<\/p>\n\n\n\n

The lower tier is half of that, so up to 2% of annual global turnover or \u20ac10m, whichever is greater. The lower tier is for breaches that aren\u2019t considered to be as significant \u2013 so, for example, things like not appointing a data protection officer (DPO) when it is mandatory.  <\/span><\/p>\n\n\n\n

Among other things under the GDPR, companies and any third parties that process personal data on their behalf will need to appoint a DPO if the core activities of the business or third parties involve monitoring of individuals on a large scale, or if the core activities consist of processing on a large scale of special categories of personal data, including data relating to criminal convictions and offenses.  <\/span><\/p>\n\n\n\n

The DPO needs to have expert knowledge of data protection law, although they don\u2019t necessarily need to be an employee and could instead be employed on a service contract to fulfill the role. Details of the DPO will need to be communicated to the supervisory authority, such as the ICO <\/a>in the UK. <\/span><\/p>\n\n\n\n

It will be the job of the DPO to inform the company and its staff about their obligations under the GDPR. They will also have to monitor compliance with the GDPR (and any other data protection laws or requirements).<\/p>\n\n\n\n

This could include managing data protection impact assessments, conducting internal audits and organizing staff training. The DPO will also be the first point of contact for data-protect-related inquiries from supervisory authorities such as the ICO, and the point of contact for any individuals whose data is processed by the company \u2013 including customers, clients, and employees. <\/span><\/p>\n\n\n\n

3<\/strong>. Finance professionals should u<\/strong>se the opportunity to improve <\/strong>data quality<\/strong> <\/span><\/h2>\n\n\n\n

But it\u2019s not all bad news. Finance departments should also think about the way the GDPR<\/a> can result in better data quality, through initiatives like a centralized data repository where data is deduplicated and cleaned up.  <\/span><\/p>\n\n\n\n

Alongside compliance, businesses should think about adding analytics to the high-quality data that may result. Reliable information can result in a more accurate and enriched customer database, which chief financial officers can leverage to make better decisions.<\/p>\n\n\n\n

Remember that most people won\u2019t immediately demand that their data be deleted. If you\u2019re providing a good service, many will be happy to allow your business to use their data if it benefits them.  <\/span><\/p>\n\n\n\n

For example, it allows you to better understand them and tailor your service for what they need. Customers will be happy if you present your product at the right time to them through your understanding and wise management of their personal data. <\/span><\/p>\n\n\n

\n\t
\n\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t\t

Subscribe to our Sage Advice Newsletter<\/h2>\n\n\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t

Get our latest business advice delivered directly to your inbox.<\/p>\n\t\t\t\t\t<\/div>\n\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tSubscribe<\/a>\n\t\t\t\t\t\t\t<\/div>\n\n\t\t\t\t\t<\/div>\n\n\t\t\t\t\t\"Working\t\t\t<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

The deadline for compliance with the European Union\u2019s (EU\u2019s) General Data Protection Regulation (GDPR) was last month. It affects all businesses and as finance professionals, you need to know what it means for you and your company. The focus is on personal data, or data about individuals, and is a significant shake-up that affects any sole […]<\/p>\n","protected":false},"author":280,"featured_media":4531,"menu_order":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_sage_video":false,"post_featured_image_hide":false,"footnotes":""},"categories":[43],"tags":[116],"business_type":[41],"lilypad":[],"context":[],"industry":[57],"persona":[100],"imagine_tag":[242],"coauthors":[542],"class_list":["post-4504","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-money-matters","tag-compliance","business_type-growing-business","industry-financial-services"],"sage_meta":{"region":"en-us","author_name":"Keir Thomas-Bryant","featured_image":"https:\/\/www.sage.com\/en-us\/blog\/wp-content\/uploads\/sites\/2\/2018\/06\/womaninoffice.jpg","imagine_tags":{"242":"Financial services"}},"distributor_meta":false,"distributor_terms":false,"distributor_media":false,"distributor_original_site_name":"Sage Advice US","distributor_original_site_url":"https:\/\/www.sage.com\/en-us\/blog","push-errors":false,"_links":{"self":[{"href":"https:\/\/www.sage.com\/en-us\/blog\/api\/wp\/v2\/posts\/4504","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.sage.com\/en-us\/blog\/api\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.sage.com\/en-us\/blog\/api\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.sage.com\/en-us\/blog\/api\/wp\/v2\/users\/280"}],"replies":[{"embeddable":true,"href":"https:\/\/www.sage.com\/en-us\/blog\/api\/wp\/v2\/comments?post=4504"}],"version-history":[{"count":1,"href":"https:\/\/www.sage.com\/en-us\/blog\/api\/wp\/v2\/posts\/4504\/revisions"}],"predecessor-version":[{"id":35269,"href":"https:\/\/www.sage.com\/en-us\/blog\/api\/wp\/v2\/posts\/4504\/revisions\/35269"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.sage.com\/en-us\/blog\/api\/wp\/v2\/media\/4531"}],"wp:attachment":[{"href":"https:\/\/www.sage.com\/en-us\/blog\/api\/wp\/v2\/media?parent=4504"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.sage.com\/en-us\/blog\/api\/wp\/v2\/categories?post=4504"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.sage.com\/en-us\/blog\/api\/wp\/v2\/tags?post=4504"},{"taxonomy":"business_type","embeddable":true,"href":"https:\/\/www.sage.com\/en-us\/blog\/api\/wp\/v2\/business_type?post=4504"},{"taxonomy":"lilypad","embeddable":true,"href":"https:\/\/www.sage.com\/en-us\/blog\/api\/wp\/v2\/lilypad?post=4504"},{"taxonomy":"context","embeddable":true,"href":"https:\/\/www.sage.com\/en-us\/blog\/api\/wp\/v2\/context?post=4504"},{"taxonomy":"industry","embeddable":true,"href":"https:\/\/www.sage.com\/en-us\/blog\/api\/wp\/v2\/industry?post=4504"},{"taxonomy":"persona","embeddable":true,"href":"https:\/\/www.sage.com\/en-us\/blog\/api\/wp\/v2\/persona?post=4504"},{"taxonomy":"imagine_tag","embeddable":true,"href":"https:\/\/www.sage.com\/en-us\/blog\/api\/wp\/v2\/imagine_tag?post=4504"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.sage.com\/en-us\/blog\/api\/wp\/v2\/coauthors?post=4504"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}