With less than seven months to the GDPR deadline, preparations should be at the top of the company’s board room agenda. There is no time for businesses to delay in preparing for one of the biggest changes to data protection law. Failure to do so can leave your company open to enforcement action that can damage your public reputation as well as bank balance.
QX is one of the UK’s leading suppliers of recruitment processes, payroll and accounting services. As a data processor, we process a large volume of data for our clients on a daily basis and take several effective measures to keep this data safe.
QX holds ISO 27001:2013 international standard for Information Security Management Systems for a number of years now, covering its divisions in its Indian delivery centre. This certification covers a framework of policies and procedures including all legal, physical and technical controls involved in an information risk management process. QX has also received Cyber Essentials Plus certification which covers a major portion of GDPR requirements. Cyber Essentials is the UK government-backed scheme to help businesses protect themselves against cyber threats. We are in the process of becoming BS 10012 certified, which is a personal information management certification that covers a wide range of GDPR requirements around building privacy into systems and processes.
The QX team has been working hard to ensure that our clients and our business are prepared for GDPR before May 2018. QX’s VP of Information Security, Amit Simon has been entrusted with an additional role of company Data Protection Officer (DPO) and will be responsible for reviewing QX’s regulatory compliance. With a Master’s in Information Technology and a Lean Six Sigma Black Belt, Amit has extensive experience in driving the process excellence vision of QX through tools and frameworks like ISO 9001, ISO 27001 and Lean and Six sigma. He has recently passed his IBITGQ Certified GDPR Practitioner examination and will act as the main point of contact for the EU commission during any audits and reviews. His knowledge, as well as experience in this area, is also available for QX clients should they need to look at their current processes in preparation for GDPR.
QX has its GDPR implementation programme in place. We are bringing additional clarity to the following aspects of our information security processes:
- Appointment of an internal Data Protection Officer (DPO)
- Setting up an official breach response plan that adheres with GDPR
- Adherence to existing DPIA (Data Protection Impact Analysis) policies to assess and mitigate any existing risks – we periodically assess and analyse our systems and processes to ensure rock-solid data security
- Setting up all the controls required for international data transfers
- Internal audit program to ensure that each QX department is in compliance with GDPR
- Our agreements with clients will be based on the ICO (Information Commissioner’s Office) guidelines and our clients can rest assured, knowing that we will follow the GDPR guidelines set by ICO
We are committed to implementing the GDPR by 25 May 2018 and have already begun our journey to becoming fully compliant. Is your recruitment process outsourcing partner GDPR ready?