Publication

6 December 2018

GDPR: implications for auditors

Statutory auditors regularly process personal data obtained from their clients. They are therefore directly impacted by the General Data Protection Regulation (GDPR) that entered into force in May 2018.  

This publication aims to clarify what role auditors play under GDPR, i.e. whether they act as data controllers or as data processors. This distinction matters as the responsibilities allocated to each role are different. 

We conclude that in principle, statutory auditors qualify as data controllers. For non-statutory audit services, we encourage practitioners to analyse the processing of personal data on a case-by-case basis to determine whether they will be considered data controllers or data processors. Respective role and responsibilities should be stated in the engagement letter.

 

 

 

Related content

BlogGDPR one year on: its impact on auditors and accountants?

13 May 2019

Stories from PracticeWorried about the GDPR? Call your accountant!

3 December 2018

UpdateTechnology: GDPR extra

23 March 2018

BlogGetting your SME practice GDPR proof

25 January 2018

PublicationSustainability assurance under the CSRD

10 May 2022

Consultation responseEC’s consultation on VAT in the digital age

30 March 2022

EventIntellectual property for accountants – train the adviser

25 March 2022

UpdateSME Update

24 March 2022

PublicationHow IP can help build risk resilient SMEs

24 March 2022

PublicationWar in Ukraine – what European accountants need to know

9 March 2022

In the mediaAccountancy Europe & the EUIPO: working together to support and guide SMEs

1 March 2022

UpdateSME Update

25 February 2022

PublicationVAT rates – greater flexibility for Member States

14 February 2022

Consultation responseEC’s consultation on Listing Act: support for ambitious simplified SMEs prospectus

3 February 2022

PublicationSupply chain sustainability assessment

28 January 2022

EventBecause Green Recovery Counts

27 January 2022

Consultation responseIAASB’s Exposure Draft on a New Standard for Audits of Less Complex Entities

26 January 2022

UpdateSME Update

21 January 2022

PublicationOur SME work: 2020 and 2021

21 December 2021

EventTrain the Advisor: Become an IP Expert for SMEs

16 December 2021

UpdateSME Update

10 December 2021

In the mediaSustainability reporting: why should SMEs care?

3 December 2021

EventA Global Solution for Auditing Less Complex Entities

19 November 2021

Consultation responseEU Taxonomy and Article 8 Delegated Act implementation need clarity

17 November 2021

Sign up for our newsletter

* indicates required
Would you like to subscribe to our newsletter?
On which topics would you like to receive news?