GDPR Obligations For Accountants

boekhouder mag persoongsgegevens bijhouden


GDPR obligations? But what exactly is GDPR? 

The General Data Protection Regulation (GDG), also known as the General Data Protection Regulation (GDPR), is a recent piece of legislation that establishes a legal framework for privacy in the European Union. It applies to all companies, public authorities and associations that process or collect personal data, regardless of their location inside or outside the EU.

The scope of the GDPR extends to entities outside the EU, such as the United States, that process personal data of EU citizens. This underscores the global impact of regulation.

boekhouder mag persoongsgegevens bijhouden

Do accountants process personal data?

Any company processing personal data must comply with GDPR obligations. But when is data processing by a company actually referred to? And what does the term “personal data” include? We explain this in more detail below.

What are personal data?

Personal data refers to information about a living, natural person by which that person can be directly or indirectly identified. Examples include an IP address, phone number or date of birth. Even combinations of indirect factors are personal data if they can lead to the identification of natural persons.

The GDPR also provides for special categories of personal data, with additional rules for sensitive information such as criminal convictions or medical data. Companies processing such data must comply with strict security requirements because of the serious risks to the privacy of data subjects.

When is processing involved?

The term “processing activities” has a broad meaning under the GDPR. Maintaining, collecting, recording, structuring and modifying personal data all fall under this term. Bookkeepers may thus be engaged in data processing in many cases because they regularly come into contact with (often sensitive) personal data of their clients.

3 Key GDPR Obligations For Accountants:

  1. Purpose & Legal Basis of Processing.

Entities that process personal data must be able to justify their processing activities. For accountants, the legal basis is often based on the necessity for performance of the agreement with the client or legal obligations, so consent is not always required.

  1. Privacy Policy and Duty to Disclose

The GDPR introduced the information obligation, which requires processing entities to adequately inform data subjects about the processing of their personal data. Accountants should create a privacy policy and inform data subjects of their rights, such as inspection, the right of portability, and so on.

  1. Register of Processing Activities

Data controllers, including accountants, must keep a record of processing activities. This will include contact information, details of data processing, external processors, retention periods and technical measures.

How to get started.

DPO Associates’ expertise is in offering various GDPR-related services. We are happy to take the legal concerns regarding privacy off your hands. Our priority is transparency on costs and, of course, on the file.

Our firm has two certified Data Protection Officers with extensive experience at various companies and government agencies. At DPO Associates, we strive for a clear and pragmatic customized approach, where a personal touch is our top priority. Our services are focused on your business, your expectations and your personal needs. We are committed to ensuring that your firm can legally implement innovative projects correctly.


DPO Associates not only offers extensive expertise in GDPR services, but also has specific solutions to facilitate GDPR obligations for accountants their clients. With our Basic or Pro GDPR subscription, SMEs can easily and efficiently comply with GDPR requirements.

DPO Associates handles GDPR-related questions and implementations among accountants and related SMEs.


Meer berichten

GDPR And Public Administration

Introduction: In the digital age we live in, managing personal data is becoming increasingly challenging, especially for government agencies that manage a

cybersecurity in 2024

Cybersecurity Measures In 2024

Introduction: After a challenging 2023, which saw notable events both in cybersecurity and globally, we now turn our gaze to what 2024

Meer info: