GDPR and Outsourcing


What is GDPR? And how can you inform yourself about this new regulation?

What is GDPR?

GDPR is a substitute for the 1995 Data Protection Directive, which has until now set the minimum requirements for processing statistics within the European Union (EU). GDPR will substantially enhance some rights such as monitoring or deleting the non-public statistics that a company holds. If your business is non-GDPR compliant, you can get a fine of up to €20M (£17.5M/ $23.5M) or 4% of the worldwide turnover (whichever is higher).

__What does it mean for you as a company?


GDPR affects every company. It does not matter whether you are a small business or a multinational company. Naturally, the biggest impact will be in the business sector which relies on acquiring and exploiting consumer data at scale. If you, as a company, rely on consent to process data, that consent now has to be explicit and informed – and renewed if the use changes.

__Do you need a Data Protection Officer (DPO)?


A DPO has to be employed based on two criteria: company size and the risk involved in processing data. Companies, with at least 250 employees, must employ a DPO. In addition, you have to hire a DPO also when you work with sensitive data such as collecting information about people’s health, race, religion or political preferences. Some of the responsibilities of a DPO is to educate the company’s employees on conducting regular security audits. Also, DPO is a bridge between the company and Supervisory Authorities to discuss issues related to data. You can find more information on DPO responsibilities in Article 39.

What happens after Brexit?

The GDPR Implementation Bill will be effective as a part of the UK regulation, way to the Data Protection bill that has been working its way via parliament since September 2017. The government has devoted to keeping the bill even after Brexit because it considers it as an important protective measure for its citizens. In principle, future authorities may want to change the legislation again – but even then, if any British employer wants to do business with European citizens could observe the law.

Is it relevant only for the EU?

No. Even though GDPR comes from the EU, you have to comply with the rules if you process data of EU citizens, regardless of where your business is based. Moreover, many businesses prefer to apply the terms globally. For example, Apple’s privacy measures are global, also as Facebook’s. Although Facebook does not promise to apply the whole GDPR globally, noting the conflict with privacy guidelines in different jurisdictions.

What if my outsourcing partner is based in a non-EU country, e.g. India?

If you are based in, for example, the Netherlands and your outsourcing partner is based in a non-EU country, such as Ukraine or India, you have to be careful. If your partner processes data in an illegal way, you are responsible. It means that you have to ensure that your offshore partner is fully GDPR compliant. In case that your partner is not in compliance with GDPR, there is a risk that you could be fined.

Why is better to have an outsourcing partner from the EU?

Based on the information provided above, we at Eastsource recommend to find and cooperate with an EU-based outsourcing partner. This simple fact ensures that your potential partner is in compliance with GDPR. And all rules apply equally to both parties. Thus, both you and the development service provider face fewer risks. Working with somebody who is from Ukraine or India, for example, would potentially result in insecurity.

Here are the most important definitions of GDPR bill, Article 4.

Personal Data

(1) ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;


(2) ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

Written by Eastsource

GDPR and Outsourcing

From our community

Three Wolves, A Monkey, and a Dung Beetle Walk into a Hackathon

Hackathons are an incredible medium for creating new ideas, new friends, and finding out about yourself. As a semi non-technical person (i.e. I don’t code, at least not yet) I’ve always looked at hackathons with a sense of awe, as an unapproachable event that I always wanted to participate in. Well, I finally got my chance and it was an absolute blast!

What was the hackathon all about?

Hubfest 2018

Hubfest is the catalyst for interaction, bringing the coolest accelerators, startups, investors and innovation hubs in one place.

The co-working space as a platform for a token economy

Tokens can become a reward for those that contribute to the community. A community member can earn or sell within the ecosystem when interacting with the community ecosystem (as in: the wider network) or within the co-working space.

Three ways to think like a Growth Hacker

Growth Hacking is used by giants as Dropbox, AirBnB and Instagram. Discover how you can get the best results

The organisation as a community; creating high-performance together

How being part of a community enables to pool knowledge and adds value to business operations

How viral user acquisition is key

A new study looking at player behaviour around SEGA's Sonic Forces

Meet our members

Software Remediation and Consultancy Firm

May the Acceleration Commence!

November 19th marked the start of World Startup Factory’s latest accelerator. The goal? Taking the sustainability of our cities to the next level.

Bitcoin is Just an Idle Game

An analogy to shed some light on bitcoin and idle games. How elements of idle games mirror Bitcoin mining

The Hague Tech has partnered with Hubspot

In our continued effort to you with leading resources and tools in the startup marketplace, The Hague Tech is thrilled to announce the launch of our partnership with HubSpot for Startups. Our partnership gives you access to startup friendly pricing on HubSpot’s platform, dedicated sales and marketing strategy consulting, and a community of founders like you.

GDPR and Outsourcing

What is GDPR? And how can you inform yourself about this new regulation?

Meet our members

Software and Outsourcing Consultancy. Initiator AI Lab The Hague Tech

How One Developer Toppled an Empire

Idle games on the blockchain: earn more while also earning while 'idle' or in a state of doing nothing

Motion Capture on an Indie Budget

How The Hague Tech offered a helping hand to bring game characters to life through motion capture

Meet our members

Consultancy and services in the cyber, risk and intelligence domains

Software Development the Dutch way

Software development is one of those skills that every company is hungry for. Thousands of recruiters are scrolling LinkedIn looking for the perfect software developer. If you live in The Netherlands, where the shortage of tech talent is so tangible, finding the right engineers is a very critical task.