WHAT IS GDPR?
General Data Protection Regulation (GDPR)
Approved by the EU parliament in April 2016, the General Data Protection Regulation will replace the Data Protection Directive, which currently regulates how personal data can be used.
The current directive was enacted before internet and Cloud tech became mainstream. Today, there are new (and unforeseen) ways of exploiting personal data: the GDPR seeks to address these threats by imposing tougher penalties for non-compliance and giving people greater control over what companies can do with their data.
The GDPR came into effect on 25 May 2018.
Six Core Principles
Lawfulness, fairness & transparency
Consent must be obtained from candidates before processing personal data. When collecting personal data, you should tell candidates who you are, how personal data will be processed and if personal data will be disclosed to third parties (i.e your clients).
Personal data must be kept in a form which permits identification of candidates for no longer than is necessary for the purposes for which the personal data are processed. You should have a data retention policy that identifies when and how records may be destroyed.
Integrity and confidentiality
Personal data must be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
01. Right to be informed
You need to provide 'fair processing information' over how you will use Candidate data, typically through a privacy notice:
what is the purpose and legal basis for processing the data
how the data is to be processed
who is involved in the processing of data
how long will the data be kept for
02. Right of access
Candidate have the right to verify and access their personal data and supplementary information.
03. Right to rectification
Candidates have the right to request for personal data to be rectified if it is inaccurate or incomplete.
How can Vincere help?
GDPR Compliant Feature Stack: