Topics: accountants, security

QXAS becomes India’s 1st GDPR compliant accounts outsourcing company

4 MIN READ | Posted on May 09, 2018
Written By VISHAL KURANI

Today we are incredibly proud to announce that QXAS has become the 1st accounts outsourcing company in India to be GDPR compliant!

Our delivery centers met the requirements of GDPR on 26 April 2018 via the British Standards Institution’s 10012:2017 framework. We were awarded the standard exactly a month before the deadline comes into effect!

What is BS 10012:2017 Personal Information Management System?

Developed by the British Standards Institution (BSI), BS 10012:2017 is a UK standard which sets out the requirements for a personal information management system (PIMS).

It is the only available code of conduct which aligns with the principles of GDPR, outlining the core requirements organisations need to consider when collecting, storing, processing, retaining or disposing of personal records associated with individuals.

Our Commitment to Security and Regulatory Compliance

One of the challenges every outsourcing company faces is establishing trust with its clients. Getting the BS 10012:2017 compliance framework enables QX to demonstrate to our clients the maturity of our information security systems via an independent third-party attestation. It also validates the measures we have taken to enable security, confidentiality, and availability of our customer data.

The BSI auditors had this to say after the certification was issued:

“At this stage where most of the companies have just started their GDPR journey, such a mature and well drafted framework at QX is a proof of how ahead you are in the game. We had a difficult time finding a flaw in your system. The level of competency of people, the detailing of documentation and the involvement of people is commendable. It was a learning experience for us too and we wish you all the best for the future” – British Standards Institution

Why is a GDPR compliant outsourcing partner important for you?

GDPR impacts data processors and data controllers alike, making it imperative for outsourcing companies as data controllers to ensure that their data processing activities are carried out in accordance with the principles set forth in the GDPR.

Non-compliance can result in fines of up to 20 million euros or 4% of the total annual turnover of the preceding financial year, whichever is higher. The risk isn’t just the amount of the fine; non-compliance will also lead to reputational, operational and regulatory risks.

Article 28 “Requirements of a Data Processor” mandates that a data controller shall use only those processors that provide sufficient guarantees to implement appropriate technical and organisational measures.

How did we become GDPR compliant?

Data security has always been of paramount importance to us, but GDPR makes the security and privacy aspects even more important. Businesses, both data controllers and data processors, need to meet a whole list of requirements to demonstrate GDPR compliance. They have to commit to enhancing their data inventory and mapping processes, revising written data processing agreements (DPAs), appointing a data protection officer (DPO), and putting a Data Protection Impact Assessment (DPIA) policy in place.

To become GDPR compliant via the BS 10012:2017 framework, we have implemented the following features:

  • We have appointed a Data Protection Officer (DPO) and formed a cross-functional team of data protection specialists to analyse and address the new requirements of GDPR. Among other tasks, this team helps with transparency, Privacy by Design, and conducting Data Protection Impact Assessments (DPIAs).
  • As required by the BS 10012:2017 framework, we now offer all our accounting clients a Data Protection Agreement (DPA) with GDPR clauses as standard. This enables QX and its clients to comply with GDPR requirements. All our revised written contracts are based on the ICO (Information Commissioner’s Office) guidelines, which include these terms:
    • We have adequate levels of data protection controls in place for the transfer and processing of data
    • We only process personal data on documented instructions from our clients
    • We have a process which anonymises and encrypts data
    • We securely delete data after the required retention period/at the end of the contract
    • We submit to independent, third-party audits and inspections, and work with our clients to ensure we are both meeting Article 28 obligations
  • While we already use state-of-the-art servers in Europe for the storage of data, we have implemented additional security controls to ensure we as data controllers meet the ‘accountability principles’ under the GDPR requirements.
  • We have set up an official 72-hour breach response plan that adheres to GDPR, and have an internal audit program for all processes to ensure QX is always in compliance with the rules set forth by the regulation.
  • We have conducted numerous awareness workshops so all employees know how to handle personal data here at QX. All senior-level staff have now undergone training to ensure they maintain a DPIA at the early stages of any project that involves personal data. We have also conducted awareness training at our Board level to ensure our leadership teams are well aware of QX’s obligations under GDPR.

QX’s BSI certified GDPR team

As the 1st GDPR compliant accounts outsourcing company in India, we want our accounting clients to be confident in knowing that we’ve taken all the necessary steps not only to keep their data secure but also to collect and hold only what is required.

Client support

We are also committed to helping our clients prepare for their obligations under GDPR. If you have any specific questions regarding the GDPR requirements and how this may impact your use of QXAS please email us on [email protected] and our GDPR team will respond.

Give QXAS accounts outsourcing a try. Get started with a non-obligatory 10-hour free-trial.

Source: QX Ltd


Originally published May 09, 2018 02:05:36, updated Aug 06 2024
