Hiring extra help from outside your own country is a great idea.

You can get a completely new perspective on how to do tasks.

And how they can be done better.

A lot of business owners I know, because of this reason, hire VA.

And the reason typically remains the same - to free up time.

But hiring a VA should be done right, especially if the VA is in another country.

Let me give you what steps you can take with a case study.

Our client was running a service company in the education sector in the UK.

They wanted to engage a VA from another country.

But before they could properly get help from the VA, they needed an agreement.

Hence, they approached us to draft an agreement for this, along with providing legal advice to make sure everything is done right.

Problems:

1) Clear Commercial Terms:

They wanted to have an agreement with the VA defining commercial terms between them.

Everything should be clear, because the VA is another country, and time zones also play into the whole deal.

So clarity should be there from Day 1.

2) Data Security Concerns:

Their major concern was that the VA would have access to the company’s data, including the customer’s data.

And because our client is from the UK and the VA was from another country, they were unsure about this point.

3) UK GDPR Complexities:

They wanted to know what are the legal complexities of sharing this data with VA under UK GDPR.

Solutions:

1) Drafted a VA Agreement

Our first step was to define the relevant commercial terms agreed upon between the VA and the Company (our client).

This included providing job duties, compensation, contractor status, etc. 

The usual stuff, but made specific to his project.

But outside the typical clauses, we also included protective provisions like IP rights, non-compete, and confidentiality.

2) Advised on UK GDPR

Now this is where the main problems happen.

The VA was getting access to the personal data of Customers (data subjects) based in the UK.

And the VA was engaged as a “Contractor”, so she could have been classified as a “processor”.

So our role was to advise the client on the compliance requirements under UK GDPR, before sharing any data with VA.

3) Advised and Prepared the Addendum

Since the VA was an independent contractor and not an employee, we drafted a “data processing agreement” to comply with Article 28 GDPR.

Since the VA was an overseas contractor, an International Data Transfer Agreement (IDTA) needed to be signed between the Company (as an exporter) and VA (as an importer).

Lastly, we also advised the client on the different aspects of IDTA - purpose, security measures, handling data subject requests, etc.

The project was a success.

The client had the agreement in hand and also knew how to navigate GDPR.

Sharing data, especially cross-border, is never easy.

You have to consider the laws of your country or the country where you are getting the data from.

So next time you hire a VA, always consider these steps!

Need more tips like this? Follow me:

Linkedin | Twitter

Did someone forward this to you?