Myths are circulating about outsourcing and GDPR. Here are the facts.
If an outsourcing provider is accessing your servers from India then this, on its own, does NOT mean ‘GDPR compliance’.
Without other security measures and protocols in place, the Information Commissioner’s Office (ICO) could find that what your practice is doing is illegal.
The ICO states that a restricted transfer takes place if “you are initiating and agreeing to send personal data, or make it accessible, to a receiver who is located in a country outside the UK” – note the part marked in bold.
You must also be aware that most accounting firms handle ‘special category’ personal data – such as healthcare invoices, records of union fees paid, or political/religious donations. So, if your outsourcer experiences a data breach and your controls are inadequate, you have a big problem.
So, what do you need to make sure is in place?
At Advancetrack we work with a top legal firm to ensure that we have the correct contractual measures in place. You contract with our UK legal entity and we handle the transfer to India.
We have also made considerable investment in security measures and controls around use of personal information, and have been assessed on this by numerous top accounting firms.
Additionally, we are certified by BSI against ISO27001:2022 Information Security and ISO27701/BS10012 Personal Information Management.
Advancetrack give data protection the investment in time and resources that it needs. We need to sleep soundly at night – and so do you. Which is why data security and protocols receive our highest priority.