There’s no doubt that the General Data Protection Regulation (GDPR) will have a major impact on how recruitment agencies function. QX is one of the UK’s leading suppliers of recruitment processes, payroll and accounting services, serving 7 of the top 30 healthcare recruitment agencies in the UK. We process large volumes of information for our clients and we take several effective measures to keep this data safe.
Our offices (UK and India) are ISO 27001:2013 certified, which means that we adhere to international standards for managing the security of assets such as financial information, intellectual property, employee details or information entrusted to us by third parties. Our office in the UK is Cyber Essentials Plus certified (which covers a large portion of GDPR requirements) and we are well on the way to certifying our offices in India for the same.
The QX team has been working hard to ensure that our clients and our business are prepared for GDPR before May 2018 and we have our own in-house IBITG certified GDPR practitioner to ensure we are GDPR ready ourselves. In addition, we are in the process of becoming BS 10012 compliant – this is a personal information management certification that covers a wide range of GDPR requirements around building privacy into systems and processes. We are on track with the plan and all our offices will be GDPR compliant well before May 2018.
As a part of our drive to build GDPR compliance into our business, we are bringing additional clarity to the following aspects of our information security processes:
- Setting up an official breach response plan that adheres to GDPR
- Activities guided by a certified GDPR Practitioner
- Appointment of an internal Data Protection Officer (DPO)
- Setting up all the controls required for international data transfers
- Internal audit program to ensure that each QX department is in compliance with GDPR
- Adherence to existing DPIA (Data Protection Impact Analysis) policies to assess and mitigate any existing risks – we periodically assess and analyse our systems and processes to ensure rock-solid data security
- Our agreements with clients will be based on the ICO (Information Commissioner’s Office) guidelines and our clients can rest assured, knowing that we will follow the GDPR guidelines set by ICO.
QX’s complete adherence to GDPR before May 2018 will ensure that our clients continue to enjoy smooth and seamless service delivery. Is your outsourcing partner prepared for GDPR?