search
The General Data Protection Regulation (GDPR) will become reality on May 25, 2018, and organisations across the globe are preparing to meet the extensive requirements of the new regime.
As an evolution of the 1995 Data Protection Directive, GDPR introduces a new concept of accountability, which requires businesses that deal with EU data to “demonstrate compliance” with the core principles of data protection.
While the change stems from Europe, organisations around the world must comply if they offer goods and services to the EU.
This includes implementing a more prescriptive data processing arrangement. However, it doesn’t stop at how the data is processed within your practice. It also includes how data moves to and between the companies you work with, right from payroll bureaus, cloud providers, to outsourcing companies.
If you are an accountancy practice you are the data controller. That is because as a data controller you determine the purposes and means of processing personal data. In plain English, you decide what the data is for and what’s going to happen to it. But a data processor has a distinct meaning under GDPR. It refers to the person or body who is separate from you (i.e. not an employee) and who processes personal data on your behalf. In plain English, the controller gives the processer a specific job to to and the processor does it. This in our case would be an outsourcing company like QXAS.
GDPR marks a huge change in the balance of responsibility between data controller and data processor. Under the new regulations, outsourcing companies will have more responsibility to protect their clients’ data. Which means as data controllers accountancy firms will have to start questioning their current or potential outsourcing partners if they meet GDPR requirements and how they can demonstrate it.
To help you ensure your outsourcing provider is complying with GDPR, use our three-pronged supplier checklist, which takes into account the legal, operational and technological perspective:
Trust is the foundation of our relationship with our accounting clients. We value the confidence they put in us and take full responsibility of protecting their information seriously.
QXAS met with the requirements of GDPR on 26 April 2018 via the ISO BS 10012:2017 framework – it’s the only available industry code of conduct that aligns with GDPR requirements. We are the first outsourcing company in India to have been awarded the standard – exactly a month before the deadline comes into effect!
It means we has developed and deployed standard processes to ensure:
By working with non-compliant outsourcing companies post May 25, 2018, you expose yourself to a risk which has the potential for reputational damage, not to mention significant new fines which are up to €20 million or 4% of a company’s global annual turnover, whichever is higher.
If you have any additional questions regarding GDPR, we’ll be happy to have a member of our team assist you. Please contact us at [email protected]
Give QXAS accounts outsourcing a try. Get started with a free-trial.
Disclaimer – This blog is intended to provide helpful guidance on GDPR and does not constitute legal advice. You should undertake your own steps to ensure compliance.
Bringing forth rich marketing experience in the accounting industry, Vishal blends his wealth of knowledge and creativity to educate accountants about the pressing industry issues. He is passionate about marketing and helps accountants scale their practice through his detailed write-ups.
Unauthorized copying or plagiarism of our content is a violation of intellectual property rights. We take such matters seriously and will pursue legal action to protect our original work. Anyone found engaging in such activities will be held accountable under applicable laws.
Explore outsourcing solutions, request a free trial or discuss your practice’s needs with our expert consultants.
Book a Virtual Meeting 
Book an In-person Meeting 