QXAS is India’s first GDPR compliant company. We have been certified by the British Standards Institution (BSI) since 26 April 2018.
The guidance centre hopes to offer you helpful insight into how QXAS became the first accounts outsourcing company in India to be GDPR compliant via the BS 10012:2017 framework, the only available code of conduct that aligns with the principles of GDPR.
Our delivery centers were certified GDPR compliant by the British Standards Institution (BSI) on 26 April 2018, exactly a month before the 25 May 2018 deadline.
We appointed a Data Protection Officer (DPO) and formed a cross-functional team of data protection specialists to analyse and address the new requirements of GDPR. Among other tasks, this team helps with transparency, Privacy by Design, and conducting Data Protection Impact Assessments (DPIAs).
While we already use state-of-the-art servers in Europe for the storage of data, we implemented additional security controls to ensure we as data controllers meet the ‘accountability principles’ under the GDPR requirements.
We set up an official 72-hour breach response plan that adheres to GDPR, and have an internal audit program for all processes to ensure QX is always in compliance with the rules set forth by the regulation.
All senior-level staff have now undergone training to ensure they maintain a DPIA at the early stages of any project that involves personal data. We have also conducted awareness training at our Board level to ensure our leadership teams are well aware of QX’s obligations under GDPR.
As required by the BS 10012:2017 framework, we now offer all our accounting clients a Data Protection Agreement (DPA) with GDPR clauses as standard. This enables QX and its clients to comply with GDPR requirements. All our revised written contracts are based on the ICO (Information Commissioner’s Office) guidelines, which include these terms:
We have adequate levels of data protection controls in place for the transfer and processing of data
“At this stage where most of the companies have just started their GDPR journey, such a mature and well drafted framework at QX is a proof of how ahead you are in the game. We had a difficult time finding a flaw in your system. The level of competency of people, the detailing of documentation and the involvement of people is commendable. It was a learning experience for us too and we wish you all the best for the future”
At QX, we appreciate the importance of the General Data Protection Regulation (GDPR). To ensure our compliance with the EU regulation, we took initiatives such as appointing a DPO and becoming compliant via the BS 10012:2017 framework. We also conduct awareness workshops about how to handle personal data so that everyone in the organisation speaks GDPR.
QX is proud to have Amit Simon take on the role of company Data Protection Officer (DPO). With a Master’s in Information Technology and a Lean Six Sigma Black Belt, Amit has extensive experience in driving the process excellence vision of QX through tools and frameworks like ISO 9001, ISO 27001, and Lean and Six Sigma.
If you have further questions, please email us at [email protected]
Disclaimer: This site is intended to provide helpful guidance to customers on the GDPR and not as a comprehensive solution or legal advice. Each organisation should undertake its own steps to ensure compliance.