The General Data Protection Regulation (GDPR) will become reality on May 25, 2018, and organisations across the globe are preparing to meet the extensive requirements of the new regime.<\/p>\n\n\n
As an evolution of the 1995 Data Protection Directive, GDPR introduces a new concept of accountability, which requires businesses that deal with EU data to “demonstrate compliance” with the core principles of data protection.<\/p>\n\n\n\n
While the change stems from Europe, organisations around the world must comply if they offer goods and services to the EU.<\/p>\n\n\n\n
This includes implementing a more prescriptive data processing arrangement. However, it doesn\u2019t stop at how the data is processed within your practice. It also includes how data moves to and between the companies you work with, right from payroll bureaus, cloud providers, to outsourcing companies.<\/p>\n\n\n\n
If you are an accountancy practice you are the data controller. That is because as a data controller you determine the purposes and means of processing personal data. In plain English, you decide what the data is for and what’s going to happen to it. But a data processor has a distinct meaning under GDPR. It refers to the person or body who is separate from you (i.e. not an employee) and who processes personal data on your behalf. In plain English, the controller gives the processer a specific job to to and the processor does it. This in our case would be an outsourcing company like QXAS.<\/p>\n\n\n\n
GDPR marks a huge change in the balance of responsibility between data controller and data processor. Under the new regulations, outsourcing companies will have more responsibility to protect their clients’ data. Which means as data controllers accountancy firms will have to start questioning their current or potential outsourcing partners if they meet GDPR requirements and how they can demonstrate it.<\/p>\n\n\n\n
To help you ensure your outsourcing provider is complying with GDPR, use our three-pronged supplier checklist, which takes into account the legal, operational and technological perspective:<\/p>\n\n\n\n
Trust is the foundation of our relationship with our accounting clients. We value the confidence they put in us and take full responsibility of protecting their information seriously.<\/p>\n\n\n\n
QXAS met with the requirements of GDPR on 26 April 2018 <\/strong>via the ISO BS 10012:2017<\/a> framework \u2013 it\u2019s the only available industry code of conduct that aligns with GDPR requirements. We are the first outsourcing company in India to have been awarded the standard \u2013 exactly a month before the deadline comes into effect!<\/p>\n\n\n\n It means we has developed and deployed standard processes to ensure:<\/p>\n\n\n\n By working with non-compliant outsourcing companies post May 25, 2018, you expose yourself to a risk which has the potential for reputational damage, not to mention significant new fines which are up to \u20ac20 million or 4% of a company\u2019s global annual turnover, whichever is higher.<\/p>\n\n\n\n If you have any additional questions regarding GDPR, we\u2019ll be happy to have a member of our team assist you. Please contact us at contact@qxas.co.uk <\/a><\/p>\n\n\n\nWhat does it mean to be a BS10012 certified service provider?<\/h3>\n\n\n\n
\n
Why is this important to accounting practices outsourcing to India?<\/h3>\n\n\n\n