The General Data Protection Regulation (GDPR) is a major regulation in EU law on data protection and privacy for all individuals within the European Union. The GDPR aims primarily to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
Terms in GDPR
The following are the key terms used in GDPR.
- Data subjects
It would mean candidate information in general. And "personal data" would be any information that can be used to identify the data subject. This includes the candidate resume, name, email, contact number, address, etc.
It decides the purpose of personal data processing like for which job personal data will be used and the means to do that. Controllers could be direct employers or staffing agencies.
It would be recruiting software or ATS or any legal entity that processes personal data on behalf of a controller.
It would mean any activity executed on personal data, such as store information, update information, delete information.
Changes iSmartRecruit is initiating for making it GDPR compliant
We are implementing changes throughout the system to ensure the customer that iSmartRecruit is fully ready to tackle any changes that need to be made to make it GDPR compliant.
Our team is actively working on building the policies and services to make iSmartRecruit GDPR friendly. We are reviewing our data and prioritizing any changes that need to be made in advance of the GDPR before GDPR comes into act.
Here are some of the ways iSmartRecruit is making its customer GDPR ready
System Configuration - GDPR Compliance Setting
In the system configuration screen of iSmartRecruit, there will be an option to enable the GDPR Compliance. Once you enable this option, the system will take care of necessary information and actions which are necessary for GDPR Compliance like candidate consent, candidate rights, etc.
In the same configuration, the administrator can configure the default consent validity period also. Once the candidate provides the consent, the system will calculate the consent expiry date based on the consent validity period.
Applicant - Terms & Conditions
The recruitment agency or direct employer can frame the terms & conditions and configure that in the system configuration. Whenever any applicant submits the profile, the applicant has to accept the terms and conditions. We advise to include all necessary clauses in terms & conditions to safeguard your interest concerning GDPR. You can also include terms about consent from the applicant to use his/her personal data for the necessary purpose and consent last for.
Here is the configuration screen:
An applicant can see the terms & conditions in the following way:
We will add a report to identify the following.
- Candidates for which consent already expired
- Candidates for which consent is about to expire
This report helps the user to identify the candidates who are eligible for consent renewal, and the user can directly send mass emails to them to renew the consent.
Additional attributes of Candidate Information
The system is going to capture the following additional information concerning candidates.
- Consent issued date
- Consent expiry date
Candidate Consent Status
The system will display the consent status of the candidate in the Candidate Search screen. The status could have one of the following values.
- Consent Expired
- Consent Issued
- Consent Requested
Our goal is to ensure that consent information is visible to team members when they're interacting with candidates, so they can avoid non-compliant actions, like reaching out to a candidate who did not consent to contact.
There will be additional criteria in the system to filter candidates, which are with the consent and without/expired consent. A user can do necessary mass emailing to candidates whose consent has been expired or not taken.
When you open a dialog to view the candidate information, the system is going to show the status of consent.
Record Audit Trail Information
When the candidate approves the consent request, the system is going to store the IP address, browser, country, etc. of the candidate as audit trail information. This information will not be displayed anywhere in the system, but it will be available on request to support.
You can provide access to the system to the candidate and allow the candidate to execute the following rights which are provided under GDPR.
- Right to be forgotten
- Right to change the information
- Right of access
- Right to move data
Additionally, we will provide an interface to give consent to use personal data. Once they provide consent the system will record this action and set up the consent expiry date as well.
We will add a new widget in a dashboard, which gives you an overall summary of candidate consent status. The widget will have the following information.
- Total Candidates with Consent
- Total Candidates with Expired Consent
- Total Candidates without Consent
- Total Candidates with Pending Consent
If you have any questions or queries regarding the content you can email us at [email protected]. We would be happy to help and our suggestions are more than welcome.
Self Service Portals give you the freedom to manage GDPR stuff
GDPR related stuff is very crucial to handle. Self Service Portals give the freedom to Candidates to handle the GDPR Compliance their own way.
- They can also erase the consent request. They can update the status of consent
- Candidate can use a self-service portal to give an update consent period.
Please do share our blog on your social network.