FAQ: Does outsourcing to India mean ‘GDPR compliance’?

marvin meyer SYTO3xs06fU unsplash

Myths are circulating about outsourcing and GDPR. Here are the facts.

If an outsourcing provider is accessing your servers from India then this, on its own, does NOT mean ‘GDPR compliance’.

Without other security measures and protocols in place then the Information Commissioner’s Office (ICO) could find what your practice is doing is illegal.

The ICO states that a restricted transfer takes place if “you are initiating and agreeing to send personal data, or make it accessible, to a receiver who is located in a country outside the UK” – note the part marked in bold.

You must also be aware that most accounting firms handle ‘special category’ personal data – such as healthcare invoices, records of union fees paid, or political/religious donations. So, if your outsourcer experiences a data breach and your controls are inadequate, you have a big problem.

So, what do you need to make sure is in place?

  • Firstly, there needs to be appropriate risk assessment of, and contracts in place, with the overseas legal entity.
  • Secondly, your client engagement letter needs to reflect the possibility of transfer.
  • Finally, the data being transferred needs to be treated securely, both on your network and on the network of anyone accessing it.

At Advancetrack we work with a top legal firm to ensure that we have the correct contractual measures in place. You contract with our UK legal entity and we handle the transfer to India.

We have also made considerable investment in security measures and controls around use of personal information, and have been assessed on this by numerous top accounting firms.

Additionally, we are certified by BSI against ISO27001:2022 Information Security and ISO27701/BS10012 Personal Information Management. More detail on our security can be found by clicking here.

Advancetrack give data protection the investment in time and resources that it needs. We need to sleep soundly at night – and so do you. Which is why data security and protocols receive our highest priority.

If you would like to speak to us about outsourcing and offshoring, please click here.

Explore our resources

In the second of our series on debunking – or confirming – the chatter around how outsourcing and offshoring works,...
Read more
Vipul Sheth explains that, for all the changes practice leaders want their people to embrace to build sustainability, most of...
Read more
Our MD Vipul has been on his travels again, speaking to practice leaders about issues on their mind… is there...
Read more

Helping accountants confidently

Book a Call
Advancetrack®, Podsourcing®, Podshoring® and InsideOutsourcing® are Registered Trademarks of E-Accounting Solutions Limited. Unauthorised use is prohibited.

Copyright 2006 - 2024 © e-Accounting Solutions Limited. All Rights Reserved.
Contact Details
Advancetrack®
University of Warwick Science Park
The Venture Centre
Sir William Lyons Road
Coventry
CV4 7EZ 

UK Tel: +44 (0) 24 7601 6308

Advancetrack®  
Level 10, 20 Martin Place Sydney, New South Wales
NSW 2000, Australia

Tel: +61 27 202 1478
Back to top
crossmenuchevron-down