FAQ: Does outsourcing to India mean ‘GDPR compliance’?

marvin meyer SYTO3xs06fU unsplash

Myths are circulating about outsourcing and GDPR. Here are the facts.

If an outsourcing provider is accessing your servers from India then this, on its own, does NOT mean ‘GDPR compliance’.

Without other security measures and protocols in place then the Information Commissioner’s Office (ICO) could find what your practice is doing is illegal.

The ICO states that a restricted transfer takes place if “you are initiating and agreeing to send personal data, or make it accessible, to a receiver who is located in a country outside the UK” – note the part marked in bold.

You must also be aware that most accounting firms handle ‘special category’ personal data – such as healthcare invoices, records of union fees paid, or political/religious donations. So, if your outsourcer experiences a data breach and your controls are inadequate, you have a big problem.

So, what do you need to make sure is in place?

  • Firstly, there needs to be appropriate risk assessment of, and contracts in place, with the overseas legal entity.
  • Secondly, your client engagement letter needs to reflect the possibility of transfer.
  • Finally, the data being transferred needs to be treated securely, both on your network and on the network of anyone accessing it.

At Advancetrack we work with a top legal firm to ensure that we have the correct contractual measures in place. You contract with our UK legal entity and we handle the transfer to India.

We have also made considerable investment in security measures and controls around use of personal information, and have been assessed on this by numerous top accounting firms.

Additionally, we are certified by BSI against ISO27001:2022 Information Security and ISO27701/BS10012 Personal Information Management. More detail on our security can be found by clicking here.

Advancetrack give data protection the investment in time and resources that it needs. We need to sleep soundly at night – and so do you. Which is why data security and protocols receive our highest priority.

If you would like to speak to us about outsourcing and offshoring, please click here.

Explore our resources

Xerocon 2024 entrance
Xero wowed the audience with its impending AI offering, but some simple but effective new tools and upgrades also caught...
Read more
Outsourced accountant meeting with client showing a chart
Where do accounting practices’ end clients fit into the outsourcing and offshoring picture?  The vast majority of questions relating to...
Read more
Kevin Reed picks out talent and resource as critical areas for the future of both accountants and the practices in which they work.
Read more

Helping accountants confidently

Book a Call
Advancetrack® and InsideOutsourcing® are Registered Trademarks of E-Accounting Solutions Limited. Unauthorised use is prohibited.

Copyright 2006 - 2024 © e-Accounting Solutions Limited. All Rights Reserved.
Contact Details
University of Warwick Science Park
The Venture Centre
Sir William Lyons Road
CV4 7EZ 

UK Tel: +44 (0) 24 7601 6308

Level 10, 20 Martin Place Sydney, New South Wales
NSW 2000, Australia

Tel: +61 27 202 1478
Back to top