Starting from 25th May 2018, organisations that collect personal data of EU residents must become compliant with the General Data Protection Regulation (GDPR). GDPR is a new law that aims to strengthen people’s right to privacy and protect their personal data.
GDPR places the burden of ensuring compliance on your organisation, especially functions like recruiting which rely heavily on collecting applicants personal data.
Please note that OneRecruit is not a law firm and cannot provide legal advice. All information provided is general information only. It is not intended to constitute legal advice or seek to be the complete and comprehensive statement of the law, nor is it intended to address your specific requirements. Organisations should take independent legal advice regarding their own provisions for data protection.
- Include the name and contact details of your organisation. If you have appointed a Data Protection Officer (DPO), include their contact details as well.
- A statement that any data requested will be used for recruitment purposes only. You need to explain your legitimate interest too.
- The types of information about a candidate that reside in your company’s files. These could be contact details, social and professional profiles, education and work experience.
- Who you will share the data with. For example, if you are a recruitment consultant, you may share this data with your clients.
- Where you find candidate data. It’s important that you mention you use your sources lawfully.
- Where the processing is based and where you store data. This is especially important if you transfer data outside the EU.
- How long your organisation intends to store each candidate’s data. If this isn’t possible, you need to explain with what criteria you determine this period.
- The applicants’ rights. These include the right to be forgotten, to rectify or access data, to restrict processing, to withdraw consent, to be kept informed about the processing of their data.
- Instructions on how applicants can take action on the processing of their personal data. Let them know how to access their data or request that you delete, rectify or restrict processing of their data.
With OneRecruit you can change the default consent text and set-up automatic deletion of applicants in Settings > Compliance.