GDPR recruitment database

Every recruitment website should function as a management tool within the new data protection climate

 

Making your recruitment website work hard as a GDPR recruitment database will help you manage data effectively while protecting the rights of every data subject. 

 

Following my post before Christmas that noted the benefits of understanding the spirit of the GDPR, this post takes a look at the individual rights under the legislation and, specifically, how your website can support your GDPR compliance.  

 

The rights are listed below, to give an understanding of candidate rights under the new legislation.

 

1. The right to be informed

  • The onus is on the recruiter to inform individuals of their right to object at the first point of communication - and this can be handled automatically by your website.

  • Version control is critically important when adding and updating your privacy policies, to support pre- and post-Privacy Directive messaging and to show which version of your policy the individual has consented to. This ensures accurate data logging and audit control.

 

2. The right to rectification

  • You must respond to the request and action it within one month.

  • Your website can handle this for you, provided the candidate has access to a self-service dashboard that allows the individual to log in and manage their own data as they wish.

 

3. The right to erasure - the right to be forgotten or RTBF

  • You must respond to the request and action it within one month.

  • This is a request that can be handled by the individual by logging in to their self-service dashboard and requesting their RTBF.

  • It’s important that this action is validated, as there may be circumstances where data should be kept (e.g. where there is a legal duty to keep records).

 

4. The right to data portability

  • This right only applies to personal data an individual has provided to a controller and where processing is carried out based on consent or by automated means.

  • You must provide this data free of charge and in a commonly used format.

  • In the Volcanic dashboard, the individual can access and download all their data as a CSV file.


 

5. The right to restrict processing

  • You are permitted to store the data but not further process it, and you may only retain enough information to ensure the restriction is respected in future.

  • One simple way to achieve this in your web platform is to suspend the user. This will prevent any further processing of data relating to that individual.

 

6. The right to object

  • You must inform the individual of their right to object at the point of first communication, which can be handled automatically by your website once you’ve uploaded your privacy notice.

  • You must stop processing personal data for direct marketing purposes as soon as you receive the objection.

  • Individuals can be unsubscribed by logging in to their dashboard and withdrawing consent or unsubscribing from email alerts. The recruiter should also be able to manage this directly.

 

7. The right of access - Subject Access Requests or SARs

  • You must provide this information free of charge within one month of receiving the request.

  • Your website’s self-service candidate dashboard can allow every individual to make their own subject access request. It also time- and date-stamps the request to log and record it, and allows fully auditable records to be produced if required.

 

8. Rights in relation to automated decision making

  • If you use automated decision making, you must declare this as part of your fair processing information or privacy policy.

  • This can be handled by your website at the first point of contact when a new candidate registers.

 
