Organizations today focus on keeping their accounts receivable (AR) function robust so that they can better manage working capital and customer relations and reduce bad debts.
The AR function deals with very sensitive customer information, including customers' identity and financial details. Organizations therefore need to be aware of, and compliant with, the data protection and data privacy regulations that govern how they handle, process, and store their customers’ information. Non-compliance in any aspect can lead to major data breaches and heavy penalties in the form of administrative fines.
The General Data Protection Regulation (GDPR) of the European Union enforces privacy by design and privacy by default in the way organizations capture, process, use, and store customer information.
It is a data protection law that came into force on 25 May 2018 to regulate EU citizens’ data. Unlike the previous regulation (Data Protection Act 1998), the GDPR applies to any globally operating company with clients or customers in the EU and not just those located in the EU. The new data protection law is intended to standardize data protection practice across Europe. Under the GDPR, organizations may be in scope if:
The GDPR is one of the strictest and most far-reaching data protection regulations, imposing stringent data protection requirements with heavy penalties for non-compliance.
GDPR gives maximum importance to consumer consent. Companies are expected to get explicit consent for the type of data that they will collect as well as for how they will process it. This does not depend on whether the data processing takes place within the EU. As long as the data being collected belongs to EU citizens, GDPR is applicable.
One may wonder whether GDPR applies only to digital processing. The answer is ‘No’. Any manual or paper record that is part of a relevant filing system, or papers stored systematically in a filing cabinet, is also included. The accounting team should ensure that they apply the same level of diligence to paper records as they do to digital records, adhering to the data protection principles and upholding consumers’ (data subjects’) rights for paper records as well.
Accounting software typically processes two different types of personal data:
The GDPR's requirements do not change when the software uses the recorded data to carry out operations such as organizing, altering, disclosing (by any means), or removing data from the original record.
One of the most crucial tasks that an accounting team has to deal with is invoice data capture. Now, as businesses continue to embrace automation and data capture tools, invoice data capture solutions take over the entire process and finally store the data.
The GDPR stipulates that before the AR team processes the data, they must establish that they have a lawful basis for doing so. The GDPR states that an upfront declaration of the lawful basis is to be made, documenting the reasons and informing the customer (data subject) of it via a privacy notice, engagement letter, or contract.
Another important provision is that GDPR provides customers with the ‘right to be forgotten’. This means that if you agree to share certain data today, you are given the choice of retracting it later. For instance, if you share your credit card information with your seller today, you can ask them to delete your credit card information or your entire account data at a later point in time. Your seller can no longer show backdated contracts signed by you. If you want the data to be deleted, the instruction supersedes and your seller is legally bound to delete all the associated data.
But can you use GDPR’s ‘right to be forgotten’ to delete your credit history? The answer is ‘No’. You cannot simply have your credit history deleted. The information or history recorded for credit referencing purposes is not covered by this right and is instead subject to strict industry guidelines around data processing and sharing.
With the advent of the EU GDPR, consumers now have a greater say about how their personal data is used. HighRadius solutions are GDPR compliant and will help you automate your AR processes in a highly secure environment.