The General Data Protection Regulation (GDPR) will become reality on May 25, 2018, and organisations across the globe are preparing to meet the extensive requirements of the new regime.
As an evolution of the 1995 Data Protection Directive, GDPR introduces a new concept of accountability, which requires businesses that deal with EU data to "demonstrate compliance" with the core principles of data protection.
While the change stems from Europe, organisations around the world must comply if they offer goods and services to the EU.
This includes implementing a more prescriptive data processing arrangement. However, it doesn’t stop at how the data is processed within your practice. It also includes how data moves to and between the companies you work with, from payroll bureaus and cloud providers to outsourcing companies.
The roles of ‘data processors’ and ‘data controllers’
If you are an accountancy practice, you are the data controller. That is because, as a data controller, you determine the purposes and means of processing personal data. In plain English, you decide what the data is for and what's going to happen to it. A data processor, by contrast, has a distinct meaning under GDPR. It refers to the person or body who is separate from you (i.e. not an employee) and who processes personal data on your behalf. In plain English, the controller gives the processor a specific job to do and the processor does it. In our case, this would be an outsourcing company like QXAS.
Choosing an outsourcing provider (GDPR Supplier checklist)
GDPR marks a huge change in the balance of responsibility between data controller and data processor. Under the new regulations, outsourcing companies will have more responsibility to protect their clients' data. This means that, as data controllers, accountancy firms will have to start asking their current or potential outsourcing partners whether they meet GDPR requirements and how they can demonstrate it.
To help you ensure your outsourcing provider is complying with GDPR, use our three-pronged supplier checklist, which takes into account the legal, operational and technological perspective:
How is QXAS protecting your personal data?
Trust is the foundation of our relationship with our accounting clients. We value the confidence they put in us and take our responsibility for protecting their information seriously.
First GDPR compliant knowledge process outsourcing (KPO) company in India
QXAS met the requirements of GDPR on 26 April 2018 via the ISO BS 10012:2017 framework – it’s the only available industry code of conduct that aligns with GDPR requirements. We are the first outsourcing company in India to have been awarded the standard – exactly a month before the deadline comes into effect!
What does it mean to be a BS10012 certified service provider?
It means we have developed and deployed standard processes to ensure:
Why is this important to accounting practices outsourcing to India?
By working with non-compliant outsourcing companies post May 25, 2018, you expose yourself to a risk which has the potential for reputational damage, not to mention significant new fines which are up to €20 million or 4% of a company’s global annual turnover, whichever is higher.
If you have any additional questions regarding GDPR, we’ll be happy to have a member of our team assist you. Please contact us at firstname.lastname@example.org
Give QXAS accounts outsourcing a try. Get started with a free trial.
Disclaimer – This blog is intended to provide helpful guidance on GDPR and does not constitute legal advice. You should undertake your own steps to ensure compliance.
My name is Vishal Kurani, the author of the QXAS blog, and I appreciate you stopping by! I help accountants gain Accounts Outsourcing knowledge through my easy-to-follow blogs and guides. Download my free guide "The Accountants Guide to Making Payroll Profitable" to learn how to make payroll profitable for your accountancy practice.