Online privacy administration - Start simple, finish fast Privacy Accounting Control Tracking

Accountancy & Privacy Law

Accountancy has a lot to do with various laws and regulations. One of them is the General Data Protection Regulation act, better known as GDPR. The legislation applies throughout Europe, including the Netherlands. What do you, as an accountant, need to know about this? Fortunately, with Pact-privacy® you can easily and conveniently keep track of your administration, but why would you?

GDPR? I’m not going to bother my clients with that!

A frequently heard comment during my training sessions. But what if your clients hold you liable for bad or not received advice? Based on the professional code for accountancy you are expected to point out business risks to your clients,

If entrepreneurs do not comply with the GDPR, they run a material risk, fines of up to 20% of their annual turnover. It sounds like something unreal and difficult to check, but the Dutch Data Protection Authority does check it. You don’t let your customers take that risk, do you?

Last year, the Dutch Data Protection Authority imposed more than 2.5 million euros in GDPR fines, with an average fine of 600,000 euros. It concerns a total of four fines. The number of investigations into violations of privacy rules increased fivefold to 110.

Exemplary role of accountancy

However, avoiding fines is not the main reason to get things in order. Accountants set an example for society. Accountants are trusted advisors.

The profession is characterized by core values ​​such as professionalism, integrity, objectivity, professional competence and confidentiality. It simply doesn’t do them justice when they mess with things like this. Customers expect strict confidentiality and carefulness in dealing with their privacy and that of their organization.

Accountancy therefore has not only a legal, but also a moral duty to handle customer personal data with care. This applies to individual accountants as natural persons, but also to accountancy firms as legal entities.

The reputational damage that occurs in a data breach can be many times more serious than any fine.

AP records most data breaches for the Accountancy and Finance sector

Data breaches are therefore common in the accountancy sector. The numbers speak for themselves. Since 2016, the Dutch Data Protection Authority has reported most data breaches for the accountancy and finance sector. Together with the healthcare sector, they are lonely at the top in that area. That is painful, because accountancy firms in particular manage very privacy-sensitive personal data.

Financial information is of course very sensitive to privacy, but the BSN (Dutch social security number) is also very popular. For example for identity fraud. Also think of things like photocopies of passports that organizations from this sector often process. The aforementioned exemplary function cannot be reconciled with a data breach.

Entrepreneurs must demonstrably comply with the GDPR.

The GDPR requires entrepreneurs, including accountants, to demonstrably comply with privacy legislation. This means that they must register what they do with personal data.

Entrepreneurs must keep a privacy administration in order to be able to submit them to the Dutch Data Protection Authority.

accountancy bol ruitenburg verstegen wallast hlb van daal visser Koenen kroesewevers schipper van oers witlox

The content of a complete privacy administration includes a processing register, a register with processors, processing agreements, a register of requests, a data breach register, and an overview of measures and controls.

Chain responsibility: Who is responsible

Various parties are responsible for processing in the chain: the controller, the processor and any sub-processor. The controller is a legal person who determines the purpose and means of the processing of personal data. This could be the SME advisor who, as an employer, collects the legally required data from his employees. The processor is the legal entity that processes personal data on behalf of the controller. For example, processing salaries and keeping records. The sub-processor is the legal entity that processes personal data on behalf of the processor.

Administration essential

The next step is to periodically audit the privacy situation at companies, the so-called privacy impact assessment.

With a comprehensive privacy administration you can enter into a risk discussion with your clients.

Unburden privacy administration

Thanks to the Pact-privacy® portal, you can take over a complete privacy administration for each of your clients.

The portal has the look & feel of your office and works for your clients in a familiar way.

Easy and simple your privacy administration in order

Our online privacy administration, with templates and wizards. makes it easy to get the privacy administration of your organization in order.

Thanks to clear instructions, Pact-privacy® can be completed and updated quickly and upheld easily by a privacy officer.

Tailored to your needs

Pact-privacy® is a complete product with handy wizards and pre-filled templates.

During the demo, we like to spend as much time as possible on solutions that you are looking for.

Discover in our product tour which features you want to hear more about.

Request the Free Buyersguide

Want to look around yourself?

Can’t wait to click around in our product yourself? No problem! Try Pact-Privacy® free for 30 days. No strings attached.

Try PACT-Privacy® for Free

Frequently Asked Questions

Do you want to offer this cloud software to your clients? That is possible, the software can be resold at interesting conditions.

Do you want your own portal, recognizable to your clients? Of course your own privacy administration with all your clients in 1 overview.


Do you have any question?






Accountants Registered Accountants Advisors Advisory Group Accountancy Accountants

TOP