Note: The following features will be rolled out gradually before May 25th to all accounts.
Note: This blog helps users handle candidate data in a GDPR-compliant way. In this article, we explain the different GDPR policies and how we can make our system compliant with the GDPR.
The General Data Protection Regulation (GDPR) is a major regulation in EU law on data protection and privacy for all individuals within the European Union. The GDPR aims primarily to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
Terms in GDPR
The following are the key terms used in GDPR.
- Data subjects
It would mean candidate information in general. "Personal data" would be any information that can be used to identify the data subject. This includes the candidate's resume, name, email, contact number, address, etc.
The controller decides the purpose of processing personal data, such as which job the personal data will be used for, and the means of doing so. Controllers could be direct employers or staffing agencies.
The processor would be recruiting software, an ATS, or any legal entity that processes personal data on behalf of a controller.
Processing would mean any activity executed on personal data, such as storing, updating, or deleting information.
Changes iSmartRecruit is initiating for making it GDPR compliant
We are implementing changes throughout the system to assure customers that iSmartRecruit is fully ready to handle any changes that need to be made for GDPR compliance.
Our team is actively working on building the policies and services to make iSmartRecruit GDPR friendly. We are reviewing our data and prioritising any changes that need to be made before the GDPR comes into effect.
Here are some of the ways iSmartRecruit is making its customers GDPR ready
System Configuration - GDPR Compliance Setting
In the system configuration screen of iSmartRecruit, there will be an option to enable GDPR Compliance. Once you enable this option, the system will take care of the information and actions required for GDPR compliance, such as candidate consent and candidate rights.
In the same configuration, the administrator can also configure the default consent validity period. Once the candidate provides consent, the system will calculate the consent expiry date based on the consent validity period.
Applicant - Terms & Conditions
The recruitment agency or direct employer can frame the terms & conditions and configure them in the system configuration. Whenever an applicant submits a profile, the applicant has to accept the terms and conditions. We advise including all necessary clauses in the terms & conditions to safeguard your interests with respect to GDPR. You can also include terms covering the applicant's consent to use his/her personal data for the necessary purpose and how long that consent lasts.
Here is the configuration screen:
An applicant can see the terms & conditions in the following way:
We will add a report to identify the following.
- Candidates for which consent already expired
- Candidates for which consent is about to expire
This report helps the user to identify the candidates who are eligible for consent renewal and the user can directly send mass emails to them to renew the consent.
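The expiry calculation and the renewal report described above can be sketched as follows. This is an added example, not iSmartRecruit code; it assumes the validity period is configured in days, treats "about to expire" as a 30-day window, and all names and sample records are hypothetical.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

VALIDITY_DAYS = 365        # assumed default consent validity period
RENEWAL_WINDOW_DAYS = 30   # assumed meaning of "about to expire"

@dataclass
class Candidate:
    email: str
    consent_issued: Optional[date]  # None: consent was never given

def consent_expiry(issued: date, validity_days: int = VALIDITY_DAYS) -> date:
    """Expiry date = consent issued date + configured validity period."""
    return issued + timedelta(days=validity_days)

def classify(c: Candidate, today: date) -> str:
    """Place a candidate in one report bucket as of `today`."""
    if c.consent_issued is None:
        return "no_consent"
    expiry = consent_expiry(c.consent_issued)
    if expiry < today:
        return "expired"
    # Consent is still valid on the expiry date itself, but due for renewal.
    if expiry - today <= timedelta(days=RENEWAL_WINDOW_DAYS):
        return "expiring"
    return "valid"

def renewal_report(candidates, today: date) -> dict:
    """Emails to target with a renewal request, grouped by bucket."""
    report = {"expired": [], "expiring": []}
    for c in candidates:
        bucket = classify(c, today)
        if bucket in report:
            report[bucket].append(c.email)
    return report

# Constructed sample records (not real data).
SAMPLE = [
    Candidate("a@example.test", date(2017, 5, 1)),
    Candidate("b@example.test", date(2017, 6, 10)),
    Candidate("c@example.test", date(2018, 1, 15)),
    Candidate("d@example.test", None),
    Candidate("e@example.test", date(2017, 5, 25)),
]

if __name__ == "__main__":
    print(renewal_report(SAMPLE, date(2018, 5, 25)))
```

Candidates with no recorded consent are deliberately left out of the renewal list, since there is nothing to renew and they need a fresh consent request instead.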
Additional attributes of Candidate Information
The system is going to capture the following additional information about candidates.
- Consent issued date
- Consent expiry date
Candidate Consent Status
The system will display the consent status of the candidate in the Candidate Search screen. The status can have one of the following values.
- Consent Expired
- Consent Issued
- Consent Requested
Our goal is to ensure that consent information is visible to team members when they're interacting with candidates, so they can avoid non-compliant actions, like reaching out to a candidate who did not give consent to be contacted.
There will be additional criteria in the system to filter candidates with consent and candidates without consent or with expired consent. A user can send the necessary mass emails to candidates whose consent has expired or has not been obtained.
When you open a dialog to view the candidate information, the system is going to show the status of consent.
Record Audit Trail Information
When a candidate approves the consent request, the system is going to store the IP address, browser, country etc. of the candidate as audit trail information. This information will not be displayed anywhere in the system but it will be available on request to support.
You can give candidates access to the system and allow them to exercise the following rights, which are provided under GDPR.
- Right to be forgotten
- Right to change the information
- Right of access
- Right to move data
Additionally, we will provide an interface for giving consent to use personal data. Once the consent is provided, the system will record this action and set up the consent expiry date as well.
We will add a new widget in a dashboard which gives you an overall summary of candidate consent status. The widget will have the following information.
- Total Candidates with Consent
- Total Candidates with Expired Consent
- Total Candidates without Consent
- Total Candidates with Pending Consent
If you have any questions or queries regarding the content, you can email us at [email protected]. We would be happy to help and our suggestions are more than welcome.
Self Service Portals give you the freedom to manage GDPR stuff
GDPR-related matters are crucial to handle correctly. Self Service Portals give candidates the freedom to handle GDPR compliance their own way.
- Candidates can use a self-service portal to provide an updated consent period.
- They can also erase the consent request. They can update the status of consent.
For further information, you can also write to us at [email protected]. Please do share our blog on your social network.