Data security guidelines available for SMEs
The European Union Agency for Network and Information Security (ENISA) published guidelines to help SMEs to adopt a risk-based approach for the security of the personal data they process.
The EU’s General Data Protection Regulation (GDPR) requires businesses acting as data controllers or data processors to ensure the security of personal data through a risk-based approach. E.g. higher risks should lead to more rigorous measures.
However, ENISA acknowledges that SMEs might not always have the necessary expertise and resources to adopt such an approach. Its guidelines aim therefore to facilitate SMEs in understanding the context of the personal data processing and to assess themselves, through a questionnaire, the associated security risks. ENISA also proposes possible organizational and technical security measures which can be adopted by SMEs in order to achieve compliance with the GDPR.
Small and medium practitioners are advised to take note of these guidelines and to use them to prepare themselves for the entering into force of the GDPR on 25 May 2018.
Data protection applies also to filing cabinets
The UK’s Information Commissioner’s Office (ICO), the authority that upholds information rights in the UK, fined Norfolk County Council (Norflok) for non-compliance with data protection rules.
As part of an office move, Norfolk got rid of some furniture, including filing cabinets that were used by the children’s social work team. Norfolk did not have a written procedure to determine who was responsible for emptying the cabinets, which did not occur. As a result, one person buying some of the furniture got case files with sensitive information.
ICO found that Norfolk did not have appropriate measures in place against unauthorised processing of personal data and against accidental loss or destruction of personal data. Norfolk received a penalty of £60,000.
This case shows the importance of having proper data protection procedures, regardless of whether you are in the cloud or using paper files.
How Technology is preventing tax evasion and fraud
In a new report, the OECD focuses on how technology can be a powerful tool for tax authorities to identify tax evasion and fraud.
The study looks at how technology can be used to address electronic sales suppression and false invoicing, as well as issues related to the cash and the sharing economy. Moreover, the report provides real examples of tax authorities that achieved successes in preventing and detecting tax evasion and fraud through the use of technology solutions.
For example, Quebec (Canada) recovered EUR 822 million in taxes following the introduction of sales recording modules into the restaurant industry. The module reduced the time required to audit a restaurant from 70 to 3 hours. As a result, the tax authority increased the number of inspections from 120 to 8000 per year. The authors also point out the benefits for business, which can now be audited electronically and remotely.
The authors hope that the report will encourage other tax authorities to consider whether the same approach may be effective in their jurisdiction.
Commission launches fintech consultation
As announced in the CMU Action Plan, the European Commission has published its public consultation on FinTech. The consultation seeks stakeholder input to further develop and inform the Commission’s policy approach towards technological innovation in financial services, in particular on:
- New technologies’ impact on the European financial services sector, both from the perspective of providers and consumers of financial services
- Whether the current regulatory and supervisory framework fosters technological innovation and how this could be further improved
The stakeholder feedback will be crucial in steering the Commission’s approach and principles on FinTech. It will also enable the Commission to map which associations within the EU bubble are willing and able to be a solid partner in the EU approach towards FinTech.
The deadline for answering to the consultation is on 15 June.
Delaware considers using Blockchain for corporate records
A group within the Delaware State Bar Association’s Corporation Law Section has proposed to allow the use of distributed ledger technology (DLT) to create and manage corporate records.
The proposed legislation is still in an early stage of adoption. The Corporation Law Section first needs to approve the bill before it can even be formally introduced in the Delaware General Assembly.
However, it is not the first time that Delaware is considering the use of DLT in company law. The US State already started experimenting with the use of DLT to register companies, track share movements, and manage shareholder communications.
If successful, this type of legislative experiments might influence EU legislation and the profession’s work.
How digital is your country?
The European Commission published its Digital Economy and Society Index (DESI). This tool seeks to measure the digital performance of EU Member States in a variety of areas, ranging from connectivity and digital skills to the digitisation of businesses and public services.
Overall, the EU improved its digital performance compared to last year. The top performers are Denmark, Finland, Sweden, and the Netherlands. To find out how your country performs, please click here.
In May, the Commission intends to carry out a mid-term review of its Digital Single Market Strategy in order to identify where further efforts may be needed.
EU standardisation needs
The European Commission released its 2017 Rolling Plan on ICT Standardisation. This plan provides an overview of EU policy areas in need for ICT standards.
There are different areas in which ICT standardisation activities are relevant for the accountancy profession. This includes:
- Cloud computing: e.g. develop and promote the use of ICT standards needed to further improve the interoperability, data protection and portability of cloud services
- Open data and big data: e.g. to ensure data quality and data identification
- Cybersecurity: e.g. continue work to ensure privacy and improve existing standards regarding personal data processing
- Electronic identification and trust services: e.g. update standards to address the new requirements and the innovations of the eIDAS Regulation
- E-invoicing: e.g. standardisation to support the implementation of the Directive on electronic invoicing in public procurement.
- XBRL: e.g. coordinated EU input to the global XBRL standardisation processes,
- FinTech: e.g. identify standardisation gaps
The Rolling Plan on ICT Standardisation is complementary to other instruments, such as the annual Union work programme. It does not provide a comprehensive overview of the work programmes of the various standardisation bodies.
Accountancy Europe (member) initiatives
ICAEW: Big data and analytics – what’s new?
The Institute of Chartered Accountants in England and Wales released a publication on big data and data analytics. In it, three broad questions are addressed: i) What’s creating big data? ii) What are the opportunities and risks? iii) How do we exploit it?
Accountants can exploit big data and analytics in different ways. For example, they can improve the efficiency and quality of audit activities through analysis of whole data sets or use more sophisticated outlier and exception analysis to improve internal control and risk management.
However, the authors warn that this would require greater knowledge in the theory and practice of statistics than many accountants currently have. They believe accountants would need to acquire at least enough knowledge to be an ‘intelligent buyer’.
CIPFA/Public Finance: Prepare your place in a robotic world
The Chartered Institute of Public Finance and Accountancy released an opinion on the social consequences of the increasingly dominant role of technology. One of the authors core statements is to look at what robots can do better, and focus people on doing the things that humans do best.
By 2030, robots or smart machines are forecast to have an IQ higher than 99% of humans. The Bank of England estimates that, by then, up to 15 million jobs in Britain – almost half – will be at risk of being lost. (John Thornton)
Robots are taking over
The Guardian: The robot debate is over: the jobs are gone and they aren’t coming back
The piece with dramatic title prefaces with comparing a 2013 report that concluded that 47% of jobs would be susceptible to automation within the next 20 years with a latest report which not only supports the 2013 report but also suggests the jobs are already lost and unlikely to come back. The authors objective is to conclude and provide an overview of the debate on “whether or not robots are going to take our jobs”.
What lends the NBER report added authority is it doesn’t rely on modelling to predict what robots are likely to do to jobs in the future, but on hard data to look at what robots are already doing to jobs in the present.(Greg Jericho)
Ernst & Young: How can blockchain help build frictionless government and better public services?
Brian Forde, the Senior Lecturer for Bitcoin and Blockchain at MIT and former White House senior advisor answers nine questions about Blockchain-based solutions and their potential to make government operations more efficient and improve the delivery of public services, while simultaneously increasing trust in the public sector. In summary, digital technologies reduce transactional frictions among buyers and sellers in commercial markets, while governments still lack behind. Blockchain technology must be supported by a collaboration between the public and private sector in developing smart standards and regulation. Mr Forde believes that the absence of legacy financial systems in rapid growth countries will allow blockchain innovation to take place much faster.
- 19-20/04/2017: The 8th Annual Internet of Things European Summit, Brussels. See website.
- 25/04/2017: Opportunities and challenges of 5G in the EU, Brussels. See website.
- 11/05/2017: STOA and DG CONNECT joint workshop on blockchain, Brussels. See website.
- 12/05/2017: New technologies and digitalization: opportunities and challenges for Social Economy and Social Enterprise, Brussels. See website.
- 7-8/06/2017: Annual Privacy Forum (APF), Vienna. See website.
- 14/06/2017: SEMIC 2017: Data and Information Management – Programme published!, Valletta (Malta). See website.
- 15-16/06/2017: Digital Assembly 2017 in Valletta: “Digital Europe: Investing in the Future”, Valletta (Malta). See website.