As of May 2018, the new European General Data Protection Regulation (GDPR) will apply.
In essence, GDPR compliance boils down to identifying which personal identifiable data are collected throughout an organization on its different data subjects and for what purpose:
- Consumers (B2C)
- Customers and business partners (B2B)
- Candidates & Employees (Recruitment & HR)
Especially the transparency obligation to be able to inform a data subject about what data you collect for what purpose, to allow the data subject to amend and correct these data and to give or not give consent to use certain data can present quite a technological challenge if you want to give the data subject such control.
The right to be forgotten (remove a subject’s data altogether, even historic data) and the rulings on data portability (the obligation to send all data you keep on a data subject to the data subject in a machine-readable format (PDF, csv, XML)) evidently add to this challenge.
The obligation of executing all of the above change requests of a data subject in your organization within a month’s time will make you wish you had a system in place that takes care of that for you.
With CVWarehouse, all of the above requirements are already covered.
From day one, CVWarehouse took privacy seriously and took a bottom-up approach that allows the candidate to manage its personal data and information correctly (and actively give consent to use their data for the sole purpose of recruitment).
This approach makes CVWarehouse GDPR compliant by design:
- Candidates know which data and documents they share with your company for which job or even talent pool.
- They control this sensitive data and are able to change or delete them real-time, any time.
- When candidates want “to be forgotten” CVWarehouse takes care of that for them too.
So don’t worry about your candidates & GDPR, we had you covered from day one!