People around a computer

What is GDPR?

GDPR stands for General Data Protection Regulation. It is a law by the European Union (EU) that came into force on May 25th, 2018. The GDPR regulates how we should use, process and store personal data (information about an identifiable, living individual).

From day one, CVWarehouse took a bottom-up approach to ensure full compliance and to allow the candidate to manage its personal data and information correctly.

Why it is important
to be compliant?

The GDPR was created to change the way businesses and other organisations can handle the data of those who interact with them.

Those who break the rules face heavy fines and reputational damage, leaving applicants feeling less secure and more hesitant to react to your job postings.

The CVWarehouse ATS is compliant by design

  • Candidates know which data and documents they share with your company and for which job. They fully control their data in real-time.

  • Companies can set up automatic retention periods, enforcing a simple process that allows candidates to decide what happens with their data.

  • When candidates want “to be forgotten” CVWarehouse takes full care of this through an automated process.

GDPR Communications

CVWarehouse sends regular updates, periodically or when needed, informing customers of relevant GDPR information.

 
 
 

CVWarehouse & GDPR,
frequently asked questions

What it means to be GDPR compliant?

In essence, GDPR compliance boils down to identifying which personally identifiable data are collected throughout an organization on its different data subjects and for what purpose:

  • Consumers (B2C)
  • Customers and business partners (B2B)
  • Candidates & Employees (Recruitment & HR)

Especially the transparency obligation to be able to inform a data subject about what data you collect for what purpose, to allow the data subject to amend and correct these data and to give or not give consent to use certain data can present quite a technological challenge if you want to give the data subject such control.

The right to be forgotten (remove a subject’s data altogether, even historic data) and the rulings on data portability (the obligation to send all data you keep on a data subject to the data subject in a machine-readable format (PDF, csv, XML)) evidently add to this challenge.