QX is proud to be the first recruitment process outsourcing company in India to be GDPR compliant. Our delivery centers met with the requirements of GDPR on 26 April 2018 via the British Standards Institution’s 10012:2017 framework.
BS 10012:2017 is the British standard which sets out the requirements for a personal information management system. It aligns with the principles of the European General Data Protection Regulation (EU GDPR), outlining the core requirements organizations need to consider when collecting, storing, processing, retaining or disposing of personal records related to individuals.
QX was audited by British Standards Institute (BSI), a service organisation that produces standards across a wide variety of industry sectors. And we are incredibly proud to have cleared the audit on 26 April 2018, a month before the deadline! The certificate is valid for 3 years.
Post the audit, BSI auditors remarked “At this stage where most of the companies have just started their GDPR journey, such a mature and well drafted framework at QX is a proof of how ahead you are in the game. We had a difficult time finding a flaw in your system. The level of competency of people, the detailing of documentation and the involvement of people is commendable. It was a learning experience for us too and we wish you all the best for the future”.
GDPR impacts data controllers and data processors alike, making it imperative for outsourcing companies to ensure that their data processing activities are carried out in accordance with the data protection principles set out in the GDPR. Failing to get data protection right is likely to damage your reputation, your customer relationships and, ultimately, your finances.
GDPR article 28 “Requirements of a Data Processor” mandates that a data controller shall use only those processors that provide sufficient guarantees to implement appropriate technical and organisational measures.
Being one of the UK’s leading suppliers of recruitment processes, payroll and accounting services, we were committed to implementing the GDPR by 25 May 2018. Our team had been working hard to ensure that our clients and our businesses are prepared for GDPR before the deadline and getting the BS 10012:2017 compliance framework validates the measures we have taken to enable security, confidentiality, and availability of our customer data.
We built incrementally on our existing internal security processes and procedures (ISO 27001) to ensure we meet the accountability principles under the GDPR requirements. We periodically assessed and analysed our systems and processes to ensure rock-solid data security.
As the first GDPR compliant, recruitment outsourcing company in India, we want our clients to be confident in knowing that we’ve taken all the necessary steps to not only keep their data secure but to only collect and hold what is required.
We are also committed to help our clients prepare for the obligations under GDPR. For more information on how we can support your compliance journeys get in touch with us on [email protected] or call on 0845 838 2462.
Originally published Aug 26, 2019 12:08:11, updated Nov 24 2021