WHAT IS GDPR?
General Data Protection Regulation (GDPR)
Approved by the EU parliament in April 2016, the General Data Protection Regulation will replace the Data Protection Directive, which currently regulates how personal data can be used.
The current directive was enacted before internet and Cloud tech became mainstream. Today, there are new (and unforeseen) ways of exploiting personal data: the GDPR seeks to address these threats by imposing tougher penalties for non-compliance and giving people greater control over what companies can do with their data.
The GDPR came into effect on 25 May 2018.
Six Core Principles
Candidate's Rights
You need to provide 'fair processing information' over how you will use Candidate data, typically through a privacy notice:
- What is the purpose and legal basis for processing the data
- How the data is to be processed
- Who is involved in the processing of data
- How long will the data be kept for
Candidate have the right to verify and access their personal data and supplementary information.
Candidates have the right to request for personal data to be rectified if it is inaccurate or incomplete.
Also known as 'the right to be forgotten'. Candidates can request the deletion or removal of personal data.
Candidates have the right to block or suppress processing of personal data. When this happens, you can still store the data but not process it.
Candidates are allowed to obtain and reuse their personal data for their own purposes across different services. You need to allow candidates to move, copy or transfer personal data easily in a safe and secure manner.
Candidates have the right to object to:
- Processing based on legitimate interest or the performance of a task in the public interest/exercise of official authority
- Direct marketing
- Processing for purposes of scientific/historical research and statistics
The GDPR provides safeguards against the risk that a potentially damaging decision is taken without human intervention.
How can Vincere help?
GDPR Compliant Feature Stack:
✔ Automated Consent tracking (including legal basis of processing properties)
✔ Embedded GDPR-compliant website and recruitment workflows
✔ Candidate portal and Engagement Hubs (to allow candidates to modify data and exercise rights)
✔ Auditable activity logs and history (including timestamps)
✔ Compliance Dashboard: Out-of-the-box reports to track compliance levels over time

GDPR Compliance dashboards:
✔ Get an at-a-glance view of the candidates that have given you consent by month
✔ Track compliance levels over time
✔ Ability to filter by consultants & locations
✔ Drill into data to identify deleted records- what has been deleted who did it and when?
✔ Align to KPIs & Goals – give your consultants compliance goals and track performance
Disclaimer:
This information is not, and is not intended to be, legal advice, where an attorney applies the law to your specific circumstances, so we insist that you consult an attorney if you’d like advice on your interpretation of this information or its accuracy. In a nutshell, you may not rely on this webpage and its content as legal advice, nor as a recommendation of any particular legal understanding.
One platform to accelerate growth.
Ready to see Vinny in action?