Stay GDPR Compliant with JazzHR

May 29 12:13 2019

What does the GDPR cover?

The European Union has identified concerns surrounding data security and has put a new regulation, the General Data Protection Regulation (GDPR), in place to protect its citizens. This legislation goes into effect as of May 25, 2018 and will be strictly enforced, setting the new standard for consumer rights regarding the protection of their data.

The GDPR regulates the processing, including collection, storage, transfer or use, of data for EU individuals. Any organization that processes personal data of EU individuals is within the scope of the law, regardless of whether the organization has a physical presence in the EU. It is important to note that the GDPR concept of “personal data” is very broad.

For companies subject to GDPR, the compliance requirements for processing data are significant, including:

  • Gathering and using email addresses
  • Documenting internal processes to stay GDPR compliant
  • Conducting a Data Privacy Impact Assessment for new technologies
  • Mandating certain types of businesses hire a Data Privacy Officer
  • Creating privacy policies and compliant contract terms
  • Reporting obligations when a data breach occurs

What is Personal Data?

Personal data is any kind of information that can be used to identify a person, such as a candidate’s name, email address, social networking posts, and even information as granular as their computer IP address.

What Does This Mean for Employers?

The new regulation will affect any organization that stores and/or processes the personal information of EU citizens. There are three levels of GDPR classifications you should be aware of that cover everything from data security to data control and governance.

  • Data Subjects (Ex: The candidates you recruit)
  • Data Controllers (Ex: Your organization)
  • Data Processors (Ex: JazzHR)

How to Comply 

  • Determine the legal basis for collecting the information and be fully transparent with the types of data and what specifically will be done with that data.
  • Only use the data for what you originally intended – you cannot recycle the information for marketing emails or sell to third parties.
  • Be mindful of the amount of data you are collecting – only collect the personal information you need to complete the task at hand. For example, if someone is applying for a job, only collect the basics needed to accurately fill out the application.
  • Keep your records up to date – outdated information on candidates can be considered a violation. While you have the data, ensure that it is secure at all times.
  • Don’t keep the data for extended periods of time. This goes hand in hand with the statement above. While there is no designated expiration at this time, be wary about the data’s “shelf life”.

JazzHR’s Approach to GDPR

Building on our existing data-privacy and security infrastructure, we will support our customers in their GDPR compliance efforts with a combination of new features and in-app best practice guidance.

While JazzHR has few new requirements for GDPR, many of our existing feature sets can help customers meet their own requirements. For example, our bulk actions feature can perform mass deletion of candidate data, our custom questionnaires feature allows for easy collection of consent, our candidate export provides data subject records in CSV format, and workflow triggers enable the sending of additional information related to the data subject’s rights immediately upon application.

JazzHR Features and Functionality to Support GDPR:

  • Secure Career Pages: Customer career pages will default to HTTPS by May 22, 2018
  • Bulk Deletion: Our Bulk Actions feature can be used to delete candidates whose records have been deemed no longer relevant.
  • Application Disclaimer: Customers can set a default application disclaimer, which is applied to all of their job applications, informing candidates of how they handle their personal data and their data retention policies


About Article Author

GDPR Associates