Under the new framework, firms have to share critical information with the GST Network, which has allowed registered Application Service Providers (ASPs) and GST service providers to support both suppliers and buyers.

Mumbai: With India set to roll out the GST, cyber security experts have called for strengthening the governance process being established under the new regime to prevent data theft and leakage of confidential informations. 

Under the new framework, firms have to share critical information with the GST Network, which has allowed registered Application Service Providers (ASPs) and GST service providers to support both suppliers and buyers. 

“Many organisations have already established such arrangements. However, they are not thinking about the resulting business risks related to sharing of sensitive data. Firms need to quickly navigate these challenges by understanding the way the data is being shared with service providers,”  audit firm PwC said.  

According to the new framework, suppliers are required to upload invoice with key details such as GST registration number, invoice date, item description, item rate, item quantity, tax type while buyers are required to upload payment details such as payment date, payment amount and tax amount among others. 

Since, the time windows established by GST for the above process are quite narrow, GST has allowed registered ASPs or GSPs to support suppliers and buyers. The existence of intermediaries in the process according to PwC would create unique security risks for both vendors and buyers as there could be devices and systems where critical informations could be viewed, stored and leaked during the different stages of communications between the organisation and the tax department. 

“The new requirements entail changes to the existing systems. These changes, if done in an insecure manner, may result in data breaches and other risks that may cause significant reputational and financial damage to an organisation,” it said. 

Noting that firms need to evaluate the governance processes being established under the new regime, the audit firm added that the user roles and responsibilities being provisioned to execute the processes and the management of privileged users that will have access to systems used in the GST processes should also be carefully worked out.