What is the GDPR?
The General Data Protection Regulation (GDPR) introduces stricter controls on how organisations collect and process personal data. The regulation outlines six key principles for organisations that process personal information. These are that data shall be:
- processed lawfully, fairly and transparently
- collected for specified, explicit and legitimate purposes
- adequate, relevant and limited to what is necessary for processing
- accurate and, where necessary, kept up to date
- kept for no longer than is necessary
- processed in a manner that ensures security
What has Taxfiler been doing to prepare for GDPR?
We constantly review the security measures that we have in place to protect your client data. This includes both internal and external testing to check for vulnerabilities and ensure that our systems are resistant to both accidental and deliberate data leakage.
We have verified that partners who help us to deliver our services are fully compliant with GDPR and have adequate standards of data security and privacy protection. We have ensured that processes are in place to review these services regularly and to ensure that all such services continue to be of the required high standard.
We have carried out a detailed review of all product areas to identify areas for improvement and have scheduled enhancements to our software which will make GDPR compliance easier for our users in future. For further information about some of the proposed updates see below.
Where is client data hosted?
We use secure data centres based solely in the UK. Backups are taken regularly, and these backups are encrypted and stored only in the UK. Old backups are completely destroyed after a few days as part of a defined backup cycle.
Keeping client data accurate and up to date
Amending your client data in Taxfiler is easy. Using our reporting and search tools you can quickly find and review client records, keep your clients' personal data up to date, and still retain accurate records of historical tax return data.
Deleting client data
When clients ask for their information to be removed from your records, they have the right to have their data deleted as fully as possible. Finding and deleting all data for a client can be done quickly in Taxfiler. Deleting a client will remove all data including tax returns, notes and attachments for that client.
Closing your account
If you close your account with us then you have the option of retaining client data for continued access or asking us to remove all your data from our system. If you wish to retain your data on our system you will continue to have access to review and delete client data to ensure you can meet your ongoing GDPR obligations.
What improvements are we making to the software for GDPR?
We will be rolling out enhancements to our software over the coming months to make it simpler to adhere to GDPR best practices. These new features include the following:
- Enhancing login security with additional options for ensuring that data is being accessed only by authorised users.
- Enabling optional client level security which will restrict which users within a firm can access data for a client and what level of access those users have.
- Making it easier to download client personal data in a format that can be passed to the client if they request a copy of the data you hold for them.
- Including built-in encryption of downloaded PDF files to simplify sending output to clients.
- Integrating to a secure document portal for automated upload and digital signing of documents.