May I share customer data with my accountant?

Accountant processes customer data on your behalf = classic processor relationship (GDPR Art. 28). Requirements: (1) Written DPA (Art. 28(3)) — typically a standard template from NBA or accountant. (2) Processor acts only on your instruction. (3) Sub-processors (Twinfield, AFAS, Microsoft 365) only with your approval. (4) Retention periods clearly agreed. (5) Breach procedure between you. What is allowed? Sharing invoices + bank data for administration. NOT: Client BSN (accountant may have own BSN admin, not your clients'). On takeover/change of accountant: client notification duty + new DPA. Risk: large 2024 fines for SMB that shared data with external accountant without DPA. Practical: request DPA from every accountant — almost every NBA-registered accountant has a standard template.