Accountancy practices are handling personal data all the time. It could be your client’s, your staff, your suppliers or perhaps your prospective clients. Under the UK’s General Data Protection Regulations, accountancy firms must comply with the rules for processing, storing and retrieving personal data. However, occasionally you may find yourself having to deal with data protection complaints.
The Information Commissioner’s Office has recently published a useful guide called, “How to deal with data protection complaints you receive as a small business”, which can be found here.
The guide sets out what steps an organisation should take when a data protection complaint has been made. A summary of these steps being:
- Step one – acknowledge receipt
- Step two – find out what’s gone wrong
- Step three – give regular updates
- Step four – record your actions
- Step five – respond to the complaint
- Step six – review the lessons learned
The ICO has also provided some good tips and examples on how best to implement the different steps.
If you would like to remind yourself of the data protection rules concerning marketing in a business to business (B2B) environment, please check out our blog, “B2B marketing and the GDPR – A Refresher.”
