Dispelling GDPR and outsourcing myths

paulius dragunas uw NWjC1mBE unsplash scaled

Believe the GDPR myths, and you could see the information regulator come down on you and your firm.

There are a few myths circulating in the accounts outsourcing industry about what is required to make outsourcing legal from a GDPR perspective. Chief among these is the idea that if someone is accessing your servers from India then this, on its own, is GDPR compliant. Without other measures in place this is actually illegal, and you can get into a lot of trouble with the ICO as a result. The ICO makes it quite clear that this is the case – they say that a restricted transfer takes place if “you are initiating and agreeing to send personal data, or make it accessible, to a receiver who is located in a country outside the UK” – note the part marked in bold.

To make this worse, you may not be aware that most accounting firms handle ‘special category’ personal data – such as healthcare invoices, records of union fees paid, or political/religious donations. So, if your outsourcer experiences a data breach and your controls are inadequate, you have a big problem.

So, what do you need to make sure is in place?

  • Firstly, there needs to be appropriate risk assessment of and contracts in place with the overseas legal entity.
  • Secondly, your client engagement letter needs to reflect the possibility of transfer.
  • Finally, the data being transferred needs to be treated securely, both on your network and on the network of anyone accessing it.

At Advancetrack we work with a top legal firm to ensure that we have the correct contractual measures in place. You contract with our UK legal entity, and we handle the transfer to India. We have also made considerable investment in security measures and controls around use of personal information and have been assessed on this by numerous top accounting firms. Additionally, we are certified by BSI against ISO27001:2022 on information security and ISO27701/BS10012 on personal information management.

Advancetrack give data protection the investment in time and resources that it needs. As a result, we are not the cheapest in the market, but you need to ask yourself how much it is worth for you to sleep soundly at night!

If you’d like to talk to us about planning for outsourcing, or getting a better understanding of the regulation that both you and Advancetrack must comply with, get in contact by clicking here.

Explore our resources

In the second of our series on debunking – or confirming – the chatter around how outsourcing and offshoring works,...
Read more
Vipul Sheth explains that, for all the changes practice leaders want their people to embrace to build sustainability, most of...
Read more
Our MD Vipul has been on his travels again, speaking to practice leaders about issues on their mind… is there...
Read more

Helping accountants confidently

Book a Call
Advancetrack®, Podsourcing®, Podshoring® and InsideOutsourcing® are Registered Trademarks of E-Accounting Solutions Limited. Unauthorised use is prohibited.

Copyright 2006 - 2024 © e-Accounting Solutions Limited. All Rights Reserved.
Contact Details
Advancetrack®
University of Warwick Science Park
The Venture Centre
Sir William Lyons Road
Coventry
CV4 7EZ 

UK Tel: +44 (0) 24 7601 6308

Advancetrack®  
Level 10, 20 Martin Place Sydney, New South Wales
NSW 2000, Australia

Tel: +61 27 202 1478
Back to top
crossmenuchevron-down