Over the past few months, we’ve been asked many questions about the Volcanic GDPR-compliant Compliance Area featuring the self-service candidate dashboard. Our series of blogs sets out to answer the most frequently asked questions.
Here, we cover off some of the more general questions.
What is the GDPR?
The EU General Data Protection Regulation (GDPR) will supersede the 1995 Data Protection Directive. It introduces tougher fines for non-compliance and breaches and gives individuals more say over what companies can do with their data. It also standardises data protection rules throughout the EU.
When does the GDPR become law?
The GDPR comes into force on 25 May 2018.
What are the lawful bases for processing?
You must have a valid lawful basis in order to process personal data.
There are six available lawful bases for processing. No single basis is ‘better’ or more important than the others – which basis is most appropriate to use will depend on your purpose and relationship with the individual.
The lawful bases for processing are set out in Article 6 of the GDPR. At least one of these must apply whenever you process personal data:
(a) Consent: the individual has given clear consent for you to process their personal data for a specific purpose.
(b) Contract: the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.
(c) Legal obligation: the processing is necessary for you to comply with the law (not including contractual obligations).
(d) Vital interests: the processing is necessary to protect someone’s life.
(e) Public task: the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.
(f) Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. (This cannot apply if you are a public authority processing data to perform your official tasks.)
Will my Volcanic website be GDPR compliant?
All Volcanic client websites will be upgraded to comply with the GDPR as standard. The new Compliance Area which features the self-service candidate dashboard will be deployed across the Volcanic platform.
Will I need to pay an additional fee to make my website GDPR-compliant?
GDPR compliance on a Volcanic website is included as part of your contract with us. All websites hosted on the Volcanic platform will be GDPR-compliant as part of our service.
Does Volcanic have externally audited processes?
Volcanic is ISO 9001 accredited. We are currently working towards achieving ISO 27001 and will be the first recruitment technology supplier to achieve this. Any company that has achieved the ISO 27001 standard will be compliant with the GDPR as its requirements surpass those of the GDPR.
Is Volcanic a data processor or controller?
Volcanic is a data processor under the definitions of the GDPR. Data processors can only process data in accordance with the instructions of the controller.
Volcanic is supporting the recruitment industry towards GDPR compliance. Make sure you and your team are trained in GDPR awareness using our free resources: watch our GDPR awareness training video here.