THE CLOCK IS TICKING

What is the GDPR?

General Data Protection Regulation (GDPR)

Approved by the EU Parliament in April 2016, the General Data Protection Regulation will replace the Data Protection Directive, which currently regulates how personal data can be used.

The current directive was enacted before internet and Cloud tech became mainstream. Today, there are new (and unforeseen) ways of exploiting personal data: the GDPR seeks to address these threats by imposing tougher penalties for non-compliance and giving people greater control over what companies can do with their data.

The GDPR comes into effect on 25 May 2018. Recruitment firms which are non-compliant risk heavy fines.

SIX CORE PRINCIPLES

Lawfulness, fairness and transparency

Consent must be obtained from candidates before processing personal data. When collecting personal data, you should tell candidates who you are, how personal data will be processed and if personal data will be disclosed to third parties (i.e. your clients).

Purpose limitations

Candidate data collected can only be used for legitimate and specific reasons, and you must inform candidates of these reasons.

Data minimization

Candidate data collected should be adequate, relevant and limited: capture only the minimum amount of data needed for processing.

Accuracy

You must take reasonable steps to ensure that personal data is accurate and kept up to date. This includes updating or deleting data when it is inaccurate or when a candidate informs you of any changes.

Storage limitations

Personal data must be kept in a form which permits identification of candidates for no longer than is necessary for the purposes for which the personal data are processed. You should have a data retention policy that identifies when and how records may be destroyed.

Integrity and confidentiality

Personal data must be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

Candidate’s Rights

HOW CAN VINCERE HELP?

GDPR Website Stack:

Candidate Portal + Instant Job Board
  • ‘Right to be forgotten’: Candidates can request to be deleted
  • ‘Right to be informed’: Upon registration, candidates must agree to the terms under which you will keep and process candidate data
  • ‘Right to object’: They can also request to withdraw consent at any time
  • ‘Right of access’: Self-serve access for candidates to log in and update their profile at any time
  • ‘Right to data portability’: Candidates can download their data as an Excel file


GDPR Compliance dashboards
  • Get an at-a-glance view of the candidates that have given you consent by month
  • Track compliance levels over time
  • Ability to filter by consultants & locations
  • Drill into data to identify deleted records: what has been deleted, who did it and when?
  • Align to KPIs – give your consultants compliance goals and track performance


Data Security
  • Your data is hosted in best-in-class datacenters that are fully compliant with industry-standard accreditations, so you can be assured that all your data is safe in the Cloud.
  • SAS70 Type II – Detailed Service Auditor Report
  • PCI DSS Level 1 – PCI Data Security Standard
  • ISO 27001 – Certification for Security Management System
  • FISMA – Government Agency’s standard for Federal Information Security Management Act.
  • To learn more about our commitment to data security, visit our Trust page here.


GDPR Strategy Guide
for Recruitment Businesses

Download the guide to find out exactly what you need to do to stay compliant
