GDPR and its Impact on Outsourcing

With only weeks left before the GDPR takes effect, businesses in Europe and across the globe are preparing to comply with the new EU regulation. As a global service provider, the outsourcing industry is one of the businesses that will be directly affected, especially IT outsourcing providers, as they are more exposed to information security.


What is the GDPR?

The General Data Protection Regulation (GDPR) is a regulation on data protection and privacy within all members of the European Union (EU). It was approved and adopted by the EU on April 26, 2016, and will take effect on May 25, 2018 after a two-year transition.

 

The GDPR aims to strengthen data protection and privacy by giving European citizens and residents primary control over their personal data and to simplify the regulatory environment by unifying data protection for all EU citizens.

 

Key terms and what they mean

  • Data Controllers are companies or organisations controlling personal data.

  • Data Processors are companies or organisations processing personal data based on the data controller’s directives and in compliance with the GDPR regulations.

  • Data Subjects are the citizens and residents within the EU.

 

What constitutes personal data?

Any information that can be used to identify a person. Examples include a person’s name, email address, photo, bank details, medical information, computer IP address, and even social media posts.

 

Key changes you should know:

  • Increased Territorial Scope
    The regulation has extended the scope outside of the EU and it now also applies to companies collecting and processing data from individuals within the Union.

  • Penalties
    Fines are applicable to both controller and processor and can result in fines of €20 million ($25 million) or 4% of a company’s previous global annual revenue (whichever is greater).

  • Consent
    Terms and conditions must now be given in an easy-to-understand and accessible form, with the purpose of the data processing attached.

 

Who is affected?

  • Individuals and organisations located within the EU

  • Organisations located outside the EU providing services, and collecting and processing data from individuals within the EU

 

For citizens and consumers, this secures their personal data online and entitles them to certain rights such as the right to data erasure, the right to access information regarding their data, and the right to be notified of a data breach, among others. The full list of data subjects’ rights, with details, can be found on the GDPR page.

On the other hand, businesses must give citizens control over their complex personal data and ensure thorough data security from acquisition through deletion, which is a complicated technical and HR issue. Organisations are also at risk of huge fines if they do not comply.

 

So how does this affect outsourcing?

According to the 1Q18 EMEA ISG Index released by the Information Services Group (ISG), European enterprises' preparations for the GDPR resulted in a first-quarter slump in the outsourcing market in Europe, Middle East and Africa (EMEA).

 

ISG EMEA partner and president Steve Hall commented:

“There is a degree of uncertainty in the European market that continues to depress demand for outsourcing. The focus on preparations for the sweeping GDPR data-privacy regulation and the impact this will have on business relationships is front of mind for many organisations and has led to a shift in priorities. The recent demise of Carillion and the financial uncertainty of some high-profile outsourcing companies has been extensively reported and has added a new degree of caution in the market.”

Hall also added:

“While traditional sourcing may have a bumpy ride in coming quarters, the trend toward as-a-service will continue to accelerate across Europe through 2018.”

In terms of outsourcing practices, there will be no major direct impact on the processes as outsourcing firms already practice privacy and security processes. Outsourcing firms need only to further strengthen security and privacy and align them with the GDPR guidelines. What will likely change is the relationship between the company and the outsourcing provider.

 

An example is Article 28 of the GDPR, which states that the Controller must impose on its Processor a list of obligations, such as imposing technical and organisational procedures on the processor, increasing communication between the two parties, and determining which party bears the risk upon non-compliance with an obligation.

 

Compliance for both company and outsourcing firm is stricter, thus both should work on protecting each other’s liability. Outsourcing firms will have to follow the regulations set by their clients in accordance with the GDPR guidelines and strengthen their security procedures to ensure there will be no data breach.

 

Companies and outsourcing firms should have already started to assess the impact of the GDPR and implement the necessary changes before its implementation on May 25.

 

To ensure compliance, here are steps outsourcing providers can take to prepare for the GDPR:

  1. Understand the GDPR
    Every outsourcing provider must know what the GDPR is and how it affects its business. Key people in the IT outsourcing industry must understand its impact immediately and identify areas or processes that need changing to comply with the regulation. It is also important to note that raising GDPR awareness and training the whole organisation is crucial, especially for large companies that have multiple channels for storing and acquiring user data.

  2. Review existing processes and technologies
    Examining existing processes will help identify where new procedures and specialists are needed to comply with the GDPR. In addition, evaluating your current technology will help determine technical requirements to cater to data security, data auditing, and data privacy needs. Identifying and dealing with blind spots is a priority.

  3. Create a data register
    Creating a data register will help document your process of complying. As part of the GDPR, European countries will each have a Data Protection Association (DPA) that will enforce the GDPR and monitor your compliance. In case of a breach, you must be able to provide a data register to the DPA to show your progress.

  4. Assess and document risks
    It is important for IT outsourcing companies to document a roadmap ensuring the security level is adequate. This includes encryption and pseudonymisation of user data for further security. To ensure security, IT outsourcing providers must maintain the confidentiality, integrity, and availability of data processing systems and services.

  5. Continue to test and assess security
    After finalizing and establishing new processes, technology, and personnel in compliance with the GDPR, all of these areas must be assessed and tested regularly to ensure they remain effective. Insights gathered must be used to improve them. This will prepare your outsourcing firm in case of any breach.

 

All information regarding the GDPR can be found on their website.

 

For more on cybersecurity readiness, check out: Cybersecurity Readiness in the 21st Century

 

 



Author

Andy Charters
Commercial Director