GDPR IS YOUR RESPONSIBILITY
But don’t worry, as confusing as the 88-page document might be, we’re here to help make it simple. So let’s start with the basics. As of the 25th May 2018, the General Data Protection Regulation (GDPR) comes into force; this is a new and important piece of legislation that has been created to replace the old and outdated Data Protection Act 1998.
The new rules have allowed for an increased level of legal certainty for data that travels between and beyond the European Union's borders. Additionally, they force organisations to be more transparent about the way they use consumer data and, rightly so, hold them accountable for its use.
BUT I’M NOT LOCATED IN THE EU
That doesn’t matter! If your organisation operates within, stores data within, or processes data within the EU, at any point, then you MUST be compliant with GDPR as of the 25th May 2018.
So if you have customers in the UK or store UK customer information, you must be GDPR compliant. This is quite possibly a wake-up call for organisations in China, the USA, Japan, Singapore, India and other countries who think GDPR doesn’t apply to them – it does!
SO WHAT DOES THIS MEAN FOR ORGANISATIONS?
We are in the digital age, the age of information, where personal data is being passed around online at an ever-increasing rate; this data is important for a variety of reasons, such as identifying global trends for the government and also insights for businesses.
GDPR helps to protect the rights of the individuals whose data is being passed around, and covers how that data is collected and how it is stored or disposed of; this has been done to ensure that organisations handling this data are held accountable by strict data-use regulations that cover security, consent of use, and privacy.
In short, if you don’t comply with GDPR, you will face some pretty hefty fines! The regulations are aplenty, and getting any of them wrong could see you facing a fine of 4% of your global income, or 20 million euros.
WHAT HAVE VACANCY FILLER DONE TO HELP YOU?
As a business with a recruitment solution it is important that you consider the impact that the new GDPR legislation will have on your hiring activity. For Vacancy Filler customers, we have made it an easy process.
- REMOVING PERSONAL DATA - We have developed a new feature within our Recruitment Software which by default removes personal information after 12 months. We recommend this period of 12 months; however, this may be customised to suit your organisation or business needs.
- WHAT DATA CAN BE KEPT FOR REPORTING - When data is removed, it is imperative to remove all personally identifiable data, e.g. name, address, email, all phone numbers, career and education history. We do understand that certain selected data is needed, such as equal opportunities information, so you are still able to keep useful, reportable data that does not contain any sensitive information that may place individuals at risk or make them vulnerable in any way.
- PRIVACY NOTICES - Privacy Notices are available at every candidate entry point; the notices are configurable and can be extended to cover the entire recruitment process.
- DATA DELETION - To further enhance safety, we have developed a capability where candidates can request that their own data be deleted, in order to comply with the 'Right to be Forgotten'.
- SUBJECT ACCESS REQUEST - Candidates can exercise their right to be forgotten and submit subject access requests (SARs) through the service desk provided.
- DATA STORAGE - We store all data within the EU, co-located between the Ireland and London Amazon Web Services regions. All data is encrypted in transit and at rest with an encryption key per customer.
If you have any questions, queries or concerns around GDPR and your recruitment process, please do let us know by calling 01509 236 434 or emailing firstname.lastname@example.org
You can also view our datasheet here