GST: How to safeguard your financial data on the Internet

One of the unique features of the Goods and Services Tax (GST) is that financial reporting has to be done online and there is no offline channel available for anyone.

This means an entire segment of companies, which till now may have never turned on a computer, suddenly find themselves having to navigate complex technology challenges.

While there are plenty of tech challenges, companies are worried about the security of their crucial financial data being transmitted over the Internet, especially after the recent global WannaCry ransomware attack.

The key to getting your security right is to understand how the GST reporting system works. You can upload your financial data directly to the GSTN, in which case your online security is as good as you have set it up to be. Alternatively, GST Suvidha Providers (GSPs) and Application Service Providers (ASPs) help you with financial compliance in case you cannot do it on your own.

“As regards safety of data, what we need to understand is that GSP is a highly regulated body with very strong controls that are mandated by the GSTN. It is basically a data pipe, where your data flows in from the ASP, which has access to your data. It can only look at the metadata, which means it can only identify that this data belongs to a certain Mr. X, this is GSTR-1, it has this many kilobytes of data, it has your digital signature, and it will transmit such information to the GSTN. It cannot store your data at its end, the data is only stored at GSTN,” says Manish Chowdhary, CEO, Tally Education.

One of the key reasons why GSPs have been created is that only a limited number of parties have access to connectivity with the GSTN system. “Otherwise you will have millions of people trying to connect to GSTN system, which is basically housing the economic data of the country. So it is a headless system to which only a limited number of secured pipes is connected. The secured pipes, which are the GSPs, will control any malware flowing into the system, will remove irrelevant data and will be the first point of ensuring that only clean data transits,”

We then need to look at the second layer of assistance, the ASPs. Unlike with the GSP, your financial data is available to ASPs, and this is where you need to take a close look at security. “Having said that, your ASP will obviously have access to your data, but the client is the end user so the data continues to belong to him and whatever security measures you have on your system are also what keep your data secured,” says Chowdhary. When it comes to security, both you and your ASP need to have a robust security system.

“There are two kinds of service providers, service providers like GSPs, wherein the data is merely given the go-ahead to complete the reporting. The second kind of reporting or the second kind of service providers called ASPs, who in some ways take your data. Obviously the security of someone else’s data for credible service providers is of paramount importance. For these GSPs and ASPs, it is the credibility at stake,” says Uday Pimprikar, Partner at Ernst & Young, India.

Pimprikar adds that credible GSPs and ASPs will obviously build in adequate security measures. “To my mind a company needs to go ahead and when you are evaluating the person to kind of work with or tool to use, it is clear you should look at security as one of the parameters to make that decision of who or what has access to your financial data,” says Pimprikar.