
Working from European country on UK contract


    #51
    Originally posted by eek View Post

    The only assumption you are making is the idea that you can look at a company or sector as a whole and from that derive the actual details of the company as a whole.

    You simply can't do that - as a company may have way higher security restrictions than would be obvious simply because of a third party client that requires it, which you as a contractor looking into the company would never see.
    I can operate 100% in compliance with my agreements and the client's written policies. If this is not enough, then I concede you are correct and working abroad only works with explicit permission from all concerned parties.

    I do not know my client's customers' agreements with my client. I only know their data lives in the EEA due to the locations of various Oracle SaaS systems. If my client's customer does not agree with EEA data, then my client isn't compliant I guess.

    I've never had a problem telling clients I will be abroad at various times. Maybe I have been very very lucky.

    "that you as a contractor looking into the company would never see."
    Maybe you need to work in a more strategic role rather than just keeping a seat warm.
    Last edited by ConsultingTechArchitect; 7 June 2022, 14:17.



      #52
      Originally posted by ConsultingTechArchitect View Post
      More attempts to avoid answering the question
      So once again how does it work if you wilfully and intentionally don't tell people up front where you are working from as you suggested earlier?

      Before you started talking about yourself in the last 5 posts, that is what you suggested the OP did in post 30:
      Originally posted by ConsultingTechArchitect View Post


      2. You don't tell your clients where you are based and you take relevant SecOps precautions to make sure nobody finds out.

      and then again in post 36:

      Originally posted by ConsultingTechArchitect View Post

      You can abstractly lump clients and agents into the same bucket here - all must be happy or unaware.
      Everybody in your contractual chain must be happy, or unaware, of the arrangement.

      Yet since then, rather than say you are wrong, you've talked about how it's not an issue for you while I've pointed out how it would be a problem were I paying you to do some work.

      And all this comes from a single point - few agencies will accept people working overseas because they don't want the hassle and the risk.

      And by suggesting to the OP that they try to hide their true location to the agency / end client all you are doing is adding risk and potentially an awful lot of hassle.
      merely at clientco for the entertainment



        #53
        Originally posted by ConsultingTechArchitect View Post

        Does it need to be said that I am not telling people to NOT use their common sense.

        Obviously if your client's data policies have strong data sovereignty rules, you should follow them, otherwise you are a walking data breach. There are plenty of organisations that don't demand their data is kept in the UK. It depends on the client, industry etc.
        Yes it does. Option 2 made it very clear you weren't telling them and were going out of your way to hide it. Again, the general rule is, if you can't tell your client, you shouldn't be doing it.
        I don't work in intelligence or public sector, I work with clients who often have their data spread across SaaS applications based in various parts of the world. You can't say you don't want your data to leave the UK when it's hosted on a SaaS app in the EEA or US.
        Wrong. If a client has those rules then their hosting will either be UK based or have been through a very rigorous process with signed-off risks. Some public sector clients have very firm rules on data outside the UK but had to give dispensation for using data centres in Amsterdam. It's not ideal but it's the best they could do, and it took months to get the correct sign off for it.

        Just because a client's data is not on UK soil, they can still mandate that no work or data goes abroad. It's about management of risk.
        'CUK forum personality of 2011 - Winner - Yes really!!!!



          #54
          Originally posted by ConsultingTechArchitect View Post

          I can operate 100% in compliance with my agreements and the client's written policies. If this is not enough, then I concede you are correct and working abroad only works with explicit permission from all concerned parties.

          I do not know my client's customers' agreements with my client. I only know their data lives in the EEA due to the locations of various Oracle SaaS systems. If my client's customer does not agree with EEA data, then my client isn't compliant I guess.

          I've never had a problem telling clients I will be abroad at various times. Maybe I have been very very lucky.

          "that you as a contractor looking into the company would never see."
          Maybe you need to work in a more strategic role rather than just keeping a seat warm.
          So absolutely nothing to do with option 2 you put about not telling them and hiding your tracks then. You are right in everything you've said so far, but all of that has been completely different to 'You don't tell your clients where you are based and you take relevant SecOps precautions to make sure nobody finds out.' That's the point people are trying to make to you.
          'CUK forum personality of 2011 - Winner - Yes really!!!!



            #55
            Originally posted by northernladuk View Post

            So absolutely nothing to do with option 2 you put about not telling them and hiding your tracks then. You are right in everything you've said so far, but all of that has been completely different to 'You don't tell your clients where you are based and you take relevant SecOps precautions to make sure nobody finds out.' That's the point people are trying to make to you.
            I thought as long as you follow the policies and agreements, you could go wherever you want.

            I am told that is not the case. Even if you're 100% within the scope of all agreements and client policies, there could still be an issue with a customer agreement about data protection or something. If that's the case, I am wrong with point 2.

            This does confuse me though. If I have to comply with unwritten rules that sit outside of policy documents and agreements, what other trouble am I setting myself up for? Organisations should be more explicit about what you can and what you cannot do; I don't think it's possible to document everything you can't do though.

            My whole assumption was that if you follow the rules, you can work from somewhere in the EEA (with a UK client). Clearly following the rules is not enough, you need explicit agreements on location.
            Last edited by ConsultingTechArchitect; 7 June 2022, 14:45.



              #56
              Originally posted by ConsultingTechArchitect View Post

              I thought as long as you follow the policies and agreements, you could go wherever you want.
              You can but if you have to hide it from the client then something is wrong.
              I am told that is not the case. Even if you're 100% within the scope of all agreements and client policies, there could still be an issue with a customer agreement about data protection or something. If that's the case, I am wrong with point 2.
              At last!!!!
              This does confuse me though. If I have to comply with unwritten rules that sit outside of policy documents and agreements, what other trouble am I setting myself up for? Organisations should be more explicit about what you can and what you cannot do; I don't think it's possible to document everything you can't do though.

              My whole assumption was that if you follow the rules, you can work from somewhere in the EEA (with a UK client). Clearly following the rules is not enough, you need explicit agreements on location.
              Security isn't about written rules. It's about management of risk. The rules are a framework. Risk management is the responsibility of everyone. If you encounter a situation that's not clear in the rules, you seek clarification so an assessment can be made. If you make a serious F up with data, pointing at your contract or their rules isn't going to help you if you haven't followed proper procedures to manage it. Daft example, but I am sure there isn't a rule about walking round with your laptop bag half unzipped. If someone nicks your laptop you can't just say "ah, but you didn't have a rule".
              'CUK forum personality of 2011 - Winner - Yes really!!!!



                #57
                Originally posted by northernladuk View Post
                You can but if you have to hide it from the client then something is wrong.
                It's been made clear to me that this is not correct. You cannot do this without permission due to agreements within your client that are not documented in their policies.

                Point 2 was still correct, you have the option of working from wherever you want without your client's knowledge... but you're accepting the risk.



                  #58
                  Originally posted by ConsultingTechArchitect View Post

                  It's been made clear to me that this is not correct. You cannot do this without permission due to agreements within your client that are not documented in their policies.

                  Point 2 was still correct, you have the option of working from wherever you want without your client's knowledge... but you're accepting the risk.
                  Nope, Point 2 is utterly insane - then again it seems we care about data security rather more than you do...

                  As for the rest - you are a contractor being brought in to do a piece of work - I doubt your average end client / agency is going to care enough about Data Sovereignty to give the contractor the policies, given that they've been led to believe the contractor is in the UK.
                  Last edited by eek; 7 June 2022, 15:10.
                  merely at clientco for the entertainment



                    #59
                    Originally posted by ConsultingTechArchitect View Post

                    It's been made clear to me that this is not correct. You cannot do this without permission due to agreements within your client that are not documented in their policies.

                    Point 2 was still correct, you have the option of working from wherever you want without your client's knowledge... but you're accepting the risk.
                    But again that is no way to do business. The term 'without your client's knowledge' is completely wrong. 'If the client is OK with it' is what you should be saying. If there is any doubt at all about what you are doing, you check with the client. It's as simple as that.
                    'CUK forum personality of 2011 - Winner - Yes really!!!!



                      #60
                      Originally posted by ConsultingTechArchitect View Post
                      Point 2 was still correct, you have the option of working from wherever you want without your client's knowledge... but you're accepting the risk.
                      What risk are you accepting?
                      Your company insurance won't cover you.
                      But hey, if you've got £17.5million (or €20million depending on jurisdiction), then you can afford the fine.

                      That's why some of us sit through repeated courses on data protection, processing, sovereignty, etc, which have to be signed off, after sitting tests, to say that we understand and fully comply, and we have quite high levels of business insurance.
                      …Maybe we ain’t that young anymore
