GDPR
Question asked by Sarah Mitten 8 years ago
Is clear books GDPR compliant?
Question asked by Sarah Mitten 8 years ago
Is clear books GDPR compliant?
Yes, I understand now.
Hi Paul,
As it is in our terms of use that by using Clear Books, "17.4 You agree that Clear Books employees will from time to time be required to access Your Data for legitimate business purposes, such as to assist You with a support query or to investigate or resolve an issue raised by You", yes, your clients will need to be made aware of this before signing them up.
When a customer contacts Support, we do still make sure to have consent to access their account. By emailing in for help with an issue personal to their account, we take that to be consent. If a customer calls in, we also verify their access by asking for a confirmation of a piece of data (if they do not at first volunteer it) before giving any specific information on the contents of the account.
If you would like to make any specific arrangements for yourself and your clients, you should call your account manager to discuss this.
Thanks Aran - that's a great help. Paul
Hi Sarah,
Clear Books complies with all current data protection obligations, having done a full review last year. Our head of legal is currently updating that review and will ensure that, if there are any additional areas of compliance, we are fully GDPR compliant before the deadline in May 2018. Given our review last year we do not anticipate any significant changes to our processes.
Thanks Aran
My point relates to giving you access to my, and my client's, books, this is something neither I nor my clients have any control over.
At the moment anyone in CB can gain access to any user's books which is not obvious and could potentially break the GDPR and I have to ask my clients whether they agree to this and, in some cases they may specifically ask me to deny you access, which will mean me getting this into my agreement with you or, if you refuse, moving my clients away to another system.
This is why other suppliers actually have to ask the user or subscriber to give them permission to access the accounts, say in the case of a support query.
With regard to the original GDPR question, I understand Ruth is working on it.
Best Paul
Hi Paul,
Thank you for your suggestion, I will put that forward for consideration.
I am not aware of any further announcements at the moment. For now, it is within customer's control as to the access they allow into their account. For example, customers can choose to either email employees their payslips or avoid the email transfer and add the employee as a user, restricting their permissions to Payroll, so that they can log in to view their payslips directly.
Hi Aran
Anymore news on this?
I, and I'm sure most accountants and business users, will be putting together their Privacy Notices for customers, suppliers and employees, well in advance of the deadline, and will need to be confident that they are OK storing and processing data on CB.
So any idea when we might see CB's policy on this?
In addition, when using other cloud apps, the supplier has to ask me to give specific permission for their employees to have access to my and my client's data. This is quite often with a switch in settings such as "give access to support". This would seem a good time to enable something similar in CB?
Thanks Paul