GDPR agencies

In this series of blogs, we look at the eight principles concerning candidate rights under the GDPR, for GDPR agencies. This post looks at the two principles of Subject Access Requests or SARs and the rights in relation to automated decision making

 

The right of access - Subject Access Requests or SARs

Individuals have the right to access their personal data and supplementary information, which gives them the opportunity to verify the lawfulness of the processing.

 

What does this mean for me?

  • You must provide this information free of charge within one month of receiving the request.

  • Your website’s self service candidate dashboard can not only allow every individual to make their own subject access request; it also time and date stamps the request to log and record it, and also allows fully auditable records to be produced if required.

 

Rights in relation to automated decision making

The GDPR provides safeguards for individuals against the risk that a potentially damaging decision is taken without human intervention. To prevent this, it is important to identify whether any of your processing operations constitute automated decision making and consider whether you need to update your procedures to deal with the requirements of the GDPR.

 

What does this mean for me?

  • If you use automated decision making, you must declare this as part of your fair processing information or privacy policy.

  • This can be handled by your website at the first point of contact when a new candidate registers.

 

Download your free guide to GDPR for recruitment agencies.