GDPR

We respect your privacy and are committed to protecting your personal data

Our Commitment To Security And Regulatory Compliance

Being one of the UK’s leading suppliers of accounting, finance and accounts, payroll and recruitment process outsourcing services, we are committed to implementing the GDPR. Our team ensures that our clients and our businesses are prepared for GDPR before we commence the processing. We are ISO 27001 and ISO 27701 compliant organization and these standards validate the measures we have taken to;

  • enable compliance to GDPR requirements,
  • and protect confidentiality, integrity and availability of our client data.

BSI Case Study

GDPR Compliance

QX Accounting Services has always honoured its clients’ right to data privacy and protection. We are the first outsourcing company in India to become GDPR compliant.

 

Download our Privacy Policy here

DOWNLOAD

Why Is A GDPR Compliant Outsourcing Partner Important For You?

GDPR impacts data controllers and data processors alike, making it imperative for outsourcing companies (as data processors) to ensure that their data processing activities are carried out in accordance with the data protection principles set out in the GDPR. Failing to get data protection right is likely to damage your reputation, your customer relationships and, ultimately, your finances.

As the 1st GDPR compliant outsourcing company in India, we want our clients to be confident in knowing that we’ve taken all the necessary steps to not only keep their data secure but also to only collect and hold what is required.

APPOINTMENT OF A DPO

We appointed a Data Protection Officer (DPO) and formed a cross-functional team of data protection specialists to analyse and address the new requirements of GDPR. Among other tasks, this team helps with transparency, Privacy by Design, and conducting Data Protection Impact Assessments (DPIAs).

ACCOUNTABILITY PRINCIPLES

While we already use state-of-the-art servers in UK for the storage of data, we implemented additional security controls to ensure we as data controllers meet the ‘accountability principles’ under the GDPR requirements.

BREACH RESPONSE PLAN

We set up an official 72-hour, breach response plan that adheres with GDPR, and have an internal audit program for all processes to ensure QX is always in compliance with the rules set forth by the regulation.

AWARENESS WORKSHOPS

All senior level staff has now undergone training to ensure they maintain a DPIA at the early stages of any project that involves personal data. We have also conducted awareness training at our Board level to ensure our leadership teams are well aware of QX’s obligations under GDPR.

Data Protection Agreements

As required by the ISO 27701 framework, we now offer all our accounting clients with Data Protection Agreements (DPA) with GDPR clauses as a standard. This enables QX Accounting Services and its clients to comply with GDPR requirements. All our revised written contracts are based on the ICO (Information Commissioner’s Office) guidelines, which include these terms:

  • We have adequate levels of data protection controls in place for the transfer and processing of data
  • We only process personal data on documented instructions from our clients
  • We have a process that anonymises and encrypts data
  • We securely delete data after the required retention period /at the end of the contract
  • We submit to independent, third-party audits and inspections, and work with our clients to ensure we are both meeting Article 28 obligations

Our GDPR Insights

QX Speaks GDPR

At QX we appreciate the importance of the General Data Protection Regulation (GDPR) and how it affects outsourcing. To ensure our compliance to the UK regulation we took initiatives such as appointing a DPO and becoming compliant via the ISO 27701 framework. We also conduct awareness workshops about how to handle personal data so that everyone in the organisation speaks GDPR.

QX’s Expert DPO Amit Simon

QX is proud to have Amit Simon, take on the role of company Data Protection Officer (DPO). A Data Protection Officer (DPO) is someone who can enable compliance and is accountable for overseeing a business’s data protection strategy and its implementation to establish compliance with the GDPR requirements. And that’s exactly what Amit Simon does at QX.

Resources for GDPR-Compliant Outsourcing

GDPR FAQ’s

Accounting firms are at the forefront of helping businesses and individuals prepare their tax returns, even at......

Read More  

GDPR Outsourcing Partner Compliance Checklist

No doubt, 2020 has been dominated by the presence of COVID-19 and its......

Read More  

GDPR Glossary

2020 was a game-changer for accountants. The year was spent supporting clients and evolving into......

Read More  

QX GDPR Compliance BSI Case Study

QX GDPR compliance bsi case study...

Read More  

Partner with us for a safe & secure outsourcing experience.

Book a Consultation CALL