We respect your privacy and are committed to protecting your personal data
Our Commitment To Security And Regulatory Compliance
Being one of the UK’s leading suppliers of accounting, finance and accounts, payroll and recruitment process outsourcing services, we are committed to implementing the GDPR. Our team ensures that our clients and our businesses are prepared for GDPR before we commence the processing. We are ISO 27001 and ISO 27701 compliant organization and these standards validate the measures we have taken to;
Enable compliance to GDPR requirements,
And protect confidentiality, integrity and availability of our client data.
QX Global Group has always honoured its clients’ right to data privacy and protection. We are the first outsourcing company in India to become GDPR compliant.
Why Is A GDPR Compliant Outsourcing Partner Important For You?
GDPR impacts data controllers and data processors alike, making it imperative for outsourcing companies (as data processors) to ensure that their data processing activities are carried out in accordance with the data protection principles set out in the GDPR. Failing to get data protection right is likely to damage your reputation, your customer relationships and, ultimately, your finances.
As the 1st GDPR compliant outsourcing company in India, we want our clients to be confident in knowing that we’ve taken all the necessary steps to not only keep their data secure but also to only collect and hold what is required.
APPOINTMENT OF A DPO
We appointed a Data Protection Officer (DPO) and formed a cross-functional team of data protection specialists to analyse and address the new requirements of GDPR. Among other tasks, this team helps with transparency, Privacy by Design, and conducting Data Protection Impact Assessments (DPIAs).
While we already use state-of-the-art servers in UK for the storage of data, we implemented additional security controls to ensure we as data controllers meet the ‘accountability principles’ under the GDPR requirements.
BREACH RESPONSE PLAN
We set up an official 72-hour, breach response plan that adheres with GDPR, and have an internal audit program for all processes to ensure QX is always in compliance with the rules set forth by the regulation.
All senior level staff has now undergone training to ensure they maintain a DPIA at the early stages of any project that involves personal data. We have also conducted awareness training at our Board level to ensure our leadership teams are well aware of QX’s obligations under GDPR.
Data Protection Agreements
As required by the ISO 27701 framework, we now offer all our accounting clients with Data Protection Agreements (DPA) with GDPR clauses as a standard. This enables QX and its clients to comply with GDPR requirements. All our revised written contracts are based on the ICO (Information Commissioner’s Office) guidelines, which include these terms:
We have adequate levels of data protection controls in place for the transfer and processing of data
We only process personal data on documented instructions from our clients
We have a process that anonymises and encrypts data
We securely delete data after the required retention period /at the end of the contract
We submit to independent, third-party audits and inspections, and work with our clients to ensure we are both meeting Article 28 obligations
Our GDPR Insights
QX Speaks GDPR
At QX we appreciate the importance of the General Data Protection Regulation (GDPR) and how it affects outsourcing. To ensure our compliance to the UK regulation we took initiatives such as appointing a DPO and becoming compliant via the ISO 27701 framework. We also conduct awareness workshops about how to handle personal data so that everyone in the organisation speaks GDPR.
QX’s Expert DPO Amit Simon
QX is proud to have Amit Simon, take on the role of company Data Protection Officer (DPO).
A Data Protection Officer (DPO) is someone who can enable compliance and is accountable for overseeing a business’s data protection strategy and its implementation to establish compliance with the GDPR requirements. And that’s exactly what Amit Simon does at QX.