As an accounting firm, R. Michael O’Hanlan Consulting (RMOHC) collects sensitive information on its clients that could make it subject to EU General Data Protection Regulations (GDPR).  In proactive response to this, RMOHC is adding GDPR Questionnaire to its Non-Disclosure Agreement.

Sources of information – This is the client, and it is freely given to RMOHC so it can provide services

Personal Data:
Client data is stored on DropBox.  Each client has a box created exclusively for them, and they are given access to the documents 24/7/365.  The client can see all agreement data, spreadsheets, documents, etc. and can edit them as they see fit

Reason for Holding Data:
Client data is essential to providing accounting and bookkeeping services.

Marketing:
Emails used in marketing come from networking events, not clients

Handling:
RMOHC has exclusive control over its DropBox account.  Clients are invited via email to gain access to their information.  Clients cannot see other clients’ boxes or gain access to them.

Data Disposal:
When services end between a client and RMOHC, it provides the client 5 days to pull all files from the dropbox before 1) client access to the box is ended, and 2) the box is deleted.

RMOHC created a new form to attach to its NDA, and having this form filled out with the NDA will be the standard operating procedure from May 21, 2018 forward.