GDPR Compliance & Resource Hub

QXAS is India’s first GDPR compliant company. We are certified by the British Standards Institution (BSI) since 26 April, 2018.

WATCH VIDEO

OUR STATEMENT OF COMPLIANCE TO EU GDPR

VIEW CERTIFICATE

Welcome to QXAS’ GDPR Guidance Center

The guidance centre hopes to offer you helpful insight into how QXAS became the first accounts outsourcing company in India to be GDPR compliant via the BS10012:2017 framework, which is the only available code of conduct which aligns with the principles of GDPR.

Our delivery centers were certified GDPR compliance by the British Standards Institution (BSI) on 26 April 2018, exactly a month before the 25 May 2018 deadline.

How We Got Ready For GDPR

  • Data security has always been of paramount importance to us, but GDPR makes the security and privacy aspects even more important.
  • Businesses, both data controllers as well as data processers, need to meet a whole list of requirements to demonstrate GDPR compliance.
  • They have to commit to enhancing their data inventory and mapping processes, revising written data processing agreements (DPAs), appointing a data protection officer (DPO), and putting a Data Protection Impact Assessment (DPIA) policy in place.

OUR DATA SECURITY MEASURES & FEATURES

APPOINTMENT OF A DPO

We appointed a Data Protection Officer (DPO) and formed a cross-functional team of data protection specialists to analyse and address the new requirements of GDPR. Among other tasks, this team helps with transparency, Privacy by Design, and conducting Data Protection Impact Assessments (DPIAs).

ACCOUNTABILITY PRINCIPLES

While we already use state-of-the-art servers in Europe for the storage of data, we implemented additional security controls to ensure we as data controllers meet the ‘accountability principles’ under the GDPR requirements.

BREACH RESPONSE PLAN

We set up an official 72-hour, breach response plan that adheres with GDPR, and have an internal audit program for all processes to ensure QX is always in compliance with the rules set forth by the regulation.

AWARENESS WORKSHOPS

All senior level staff has now undergone training to ensure they maintain a DPIA at the early stages of any project that involves personal data. We have also conducted awareness training at our Board level to ensure our leadership teams are well aware of QX’s obligations under GDPR.

DATA PROTECTION AGREEMENTS

As required by the BS 10012: 2017 framework, we now offer all our accounting clients with a Data Protection Agreements (DPA) with GDPR clauses as a standard. This enables QX and its clients to comply with GDPR requirements. All our revised written contracts are based on the ICO (Information Commissioner’s Office) guidelines, which include these terms:

We have adequate levels of data protection controls in place for the transfer and processing of data

  • We only process personal data on documented instructions from our clients
  • We have a process which anonymises and encrypts data
  • We securely delete data after the required retention period /at the end of the contract
  • We submit to independent, third-party audit and inspections, and work with our clients to ensure we are both meeting Article 28 obligations

“At this stage where most of the companies have just started their GDPR journey, such a mature and well drafted framework at QX is a proof of how ahead you are in the game. We had a difficult time finding a flaw in your system. The level of competency of people, the detailing of documentation and the involvement of people is commendable. It was a learning experience for us too and we wish you all the best for the future”

- The BSI Audit Team, British Standards Institution

OUR GDPR INSIGHTS

QX Speaks GDPR

At QX, we appreciate the importance of the General Data Protection Regulation (GDPR). To ensure our compliance to the EU regulation we took initiatives such as appointing a DPO and becoming compliant via the BS 10012:2017 framework. We also conduct awareness workshops about how to handle personal data so that everyone in the organisation speaks GDPR.

Watch Now

QX’s Expert DPO Amit Simon

QX is proud to have Amit Simon, take on the role of company Data Protection Officer (DPO). With a Master’s in Information Technology and a Lean Six Sigma Black Belt, Amit has extensive experience in driving the process excellence vision of QX through tools and frameworks like ISO 9001, ISO 27001 and Lean and Six sigma.

Watch Now

RESOURCES FOR GDPR-COMPLIANT OUTSOURCING

Explore all insights on topics that matter to you and your accounting firm.

GDPR Glossary

2020 was a game-changer for accountants. The year was spent supporting clients and evolving into...

Read More  

GDPR FAQ’s

Accounting firms are at the forefront of helping businesses and individuals prepare their tax returns, which even...

Read More  

GDPR outsourcing partner compliance checklist

No doubt, 2020 has been dominated by the presence of COVID-19 and its...

Read More  

GDPR Case Study

Accounting firms are at the forefront of helping businesses and individuals prepare their tax returns, which even...

Read More  

LET’S WORK TOGETHER

If you have further questions please email us at [email protected]

Disclaimer: This site is intended to provide helpful guidance to customers on the GDPR and not as a comprehensive solution or legal advice. Each organisation should undertake their own steps to ensure compliance.