Protection of personal data in the accounting office (part 7) - Online computer programs and the contract for entrusting the processing of personal data
Accounting offices must bear in mind that when they use the services of external entities to whom they disclose personal data, they must also put data processing entrustment agreements in place. It should be remembered that merely collecting data already constitutes data processing.
Personal data processing entrustment agreement and hosting and software service providers
The entities with which an accounting office should sign entrustment agreements are primarily:
- companies providing accounting, HR, warehouse, CRM and online billing programs;
- hosting companies renting server space on which the accounting office's data is stored;
- companies that undertake to make and store backup copies (so-called backups).
Providers of hosting services or online software will, within the meaning of Art. 7 point 2 of the Act on the Protection of Personal Data, process personal data, in particular by recording, storing and sharing it. Consequently, an accounting office that uses the services of external entities of this kind should draw up and sign a contract for entrusting the processing of personal data.
In the case of the entities listed above, the provisions of the Act of 18 July 2002 on the provision of electronic services also apply; these exclude the provider's responsibility for the content of the stored data. A party that makes the resources of an ICT system available to a service recipient for the storage of data is not responsible for that data as long as it is unaware of the unlawful nature of the data or of the activity connected with it, and, upon receiving an official notification or reliable information about such unlawfulness, immediately blocks access to the data.
However, returning to the Act on the Protection of Personal Data, entrustment agreements will still be necessary, with the proviso that, as noted above, the entity entrusted with the data will in this case not be responsible for its substantive correctness or legality.
The contract for entrusting the processing of personal data is the responsibility of the administrator!
It should be remembered that the administrator is accountable to GIODO for the protection of personal data, and the accounting office remains the administrator even after signing a data processing entrustment agreement. However, the Act also imposes responsibility on the service provider, i.e. the entity that has taken over the activities involved in processing the personal data.
Consequently, when entering into cooperation with software companies, in particular providers of online accounting programs, or with server providers, it is important to put contracts for entrusting the processing of personal data in place.
Online accounting software - a solution for personal data protection
The Act on the Protection of Personal Data imposes a number of obligations on accounting offices related to maintaining the security of personal data, both data belonging directly to the office and data entrusted to the office for processing by its clients. In addition to organizational issues, high demands are placed on data processing in IT systems, and which accounting office nowadays does without computers?
Data processing security measures in the IT system
Accounting offices that use IT systems for the processing of personal data (i.e. in practice every office that uses accounting or other, non-dedicated computer programs) are subject to the Regulation of the Minister of Internal Affairs and Administration of April 29, 2004 on personal data processing documentation and the technical and organizational conditions to be met by devices and IT systems used for processing personal data.
The provisions oblige data controllers that process data in IT systems to keep additional documentation, such as the IT system management manual, and also to apply technical security measures. Notable among these are the requirements to:
- change passwords at a specified interval or use two-factor authentication,
- create system backups (backup copies),
- store the backup copy in a location other than the one where the data is processed.
Meeting the above requirements is often associated with additional expenditure on infrastructure that ensures security. Some of these responsibilities can be transferred to the software provider. Reliable companies offering online accounting programs have adapted their systems to GIODO's requirements and allow clients to sign entrustment agreements, which partially transfer the organizational and technical requirements, and the responsibility for the security of personal data, to the program vendor.
Computer programs not approved by GIODO
Some accounting offices still use "old" software or generally available free e-mail services that do not meet the requirements of the Personal Data Protection Act, for example because their content is scanned in order to build a profile of the account holder and his or her "friends". Systems such as the popular Excel or Word do not, in their standard functions, offer a way of permanently recording the identifier of the user who made a given change. They therefore do not meet the provisions of the regulation and will not be accepted in the event of an inspection by GIODO.
When choosing the computer software, and also the e-mail service, to be used by the accounting office, the supplier should be carefully "screened". Whether it meets the requirements of the Personal Data Protection Act is a key issue for the office. In the event of an inspection, GIODO examines to whom the data has been entrusted and whether the entity entrusted with the data complies with the requirements for its protection.