It is now a mandatory affair for all the business entities and companies have to maintain all financial data via online under the Goods and Services Tax (GST) Regime and there is no offline tool available for anyone under this. Online facility of financial reporting is one of the highlighting features of the new indirect tax regime.
That means all companies have to adopt the new method of maintaining financial accounts in the new indirect tax regime, suddenly has created a problem for them to cooperate with new complex technology challenges. After the Ransomware Attack, the companies are worried about their personal financial data that is being uploaded online via the Internet.
The companies and business entities firstly have to clarify that how the GST financial reporting system works, it is the foremost step for getting security. The users and companies can upload its financial data directly on the GSTN platform, where it is ultra secured any means. If in a case someone is not able to upload financial compliance through own, they can take help from GST Suvidha Provider (GSP) and Application Service Providers (ASPs).
An Expert from a reputed accounting firm said that “Regards safety of data, what we need to understand is that GSP is a highly regulated body with very strong controls that are mandated by the GSTN. It is basically a data pipe, where your data flows in from the ASP, which has access to your data. The GSP by law cannot look at what the data is, it can only look at the meta data, which means it can only identify that this data belongs to a certain Mr X, this is GSTR-1, it has this many kilo bytes of data, it has your digital signature, and it will transmit such information to the GSTN. The GSP cannot store your data at its end, the data is only stored at GSTN.”
Only limited number of people and parties were able to access at GSTN portal that why the initiation of GSPs centres have been taken by the government. The expert further added that “Otherwise you will have millions of people trying to connect to GSTN system, which is basically housing the economic data of the country. So it is a headless system to which only limited number of secured pipes is connected. The secured pipes which, are the GSP’s will control any malware flawing into the system, will remove irrelevant data and will be the first point of ensuring that only clean data transits.”
ASPs are at the second layer of information assisting for transmitting all the tax data to the GSTIN without any hassle and accordingly, this is the stage where one should keep eyes open.
The expert says that “Having said that, your ASP will obviously have access to your data, but the client is the end user so the data continues to belong to him and whatever security measures you have on your system is also what keeps your data secured.” From the safety point of view, you and your ASP will require strong robust security system.
Uday Pimprikar, Partner at Ernst & Young, India said, “There are two kinds of service providers, service providers like GSPs, wherein the data is merely given the go ahead to complete the reporting. The second kind of reporting or the second kind of service providers called ASPs, who in some ways take your data. Obviously, the security of someone else’s data for credible service providers is of paramount importance. For these GSPs and ASPs, it is the credibility at a stake.”
Pimprikar further added that GSPs and ASPs are the trustworthy platforms, which will have been created keeping in mind security measures. He further added that, “To my mind a company needs to go ahead and when you are evaluating the person to kind of work with or tool to use, it is clear you should look at security ad one of the parameters to make that decision of who or what has access to your financial data.”
