It's 2018, the year of General Data Protection Regulation (GDPR). And congratulations, you’ve survived!
It’s now the calm after the storm, or is merely just the calm before the storm? Businesses were scrambling just a few weeks ago trying to be GDPR ready. Now that the General Data Protection Regulationhas gone into effect, all is quiet as if nothing happened, but GDPR is alive and here to stay...
Did you know that fines for violating the new regulation can go up to €20 million or up to 4% of the company’s global revenue? Whichever is higher. If GDPR had been in effect years ago, companies like Yahoo and Ebay would have faced huge fines. It’s no surprise the LA Times took extreme measures and completely restricted access to their website to those in Europeans countries.
If you’re a hiring manager or someone in staffing and recruiting, have you managed to get your recruitment processes GDPR compliant?
We at Happo unrolled a bunch of new features tied to making your recruitment easy in the new era of the European General DataProtection Regulation.
Here are 4 easy steps that can help with compliance:
1. Sign up for an Applicant Tracking System (ATS) such as Happo
Using an ATS helps keep your processes in one platform. Happo puts all your candidates in one streamlined pipeline so that you no longer have an inbox or spreadsheet full of personal and sensitive information. With GDPR in effect, Europeans have more control over their personal data and their rights to privacy, so seeing all your applications in one place will make it easy for you to handle their data should a candidate ask to have a look, make changes or ask to have it removed altogether.
2. Sign a Data Processor Agreement (DPA)
When you start using Happo, we’ll have you e-sign a Data Processor Agreement (DPA) between Happo and your business to clarify the roles of Data Controller and Data Processor. Our Data Processing Agreement explains everything around your data in Happo, what we do with it, what rights you have, what security measures we take, and everything else that might come with it.
You’ll just have to fill in the email address of an authorized signatory, typically a CEO, COO, DM, CFO, or a board member, and they’ll receive the document in their email to virtually sign.
You will also enter your registered company name in order for us to correctly handle and sync all your company processes. A registered company name would be something like Happo Group AB, The Walt Disney Company, Alphabet Inc.
3. Add your own privacy policies and terms and agreements for applicants to agree to when applying for your job.
Managing hiring processes will automatically put you in a position to deal with personal and sensitive information. With GDPR, you will need the candidate’s consent to store and process their data and therefore, Happo makes it easy for you upload your own documents for candidates to read and agree to when applying for a position.
You can easily upload or link them to Happo and access them at any time when creating an online application for your candidates.
4. Set candidate data to automatically delete
You shouldn’t keep data forever. By default, all candidate data in Happo will be saved until the position or the specific candidate is deleted. Be in total control on how you handle data and set your own retention routines. Choose what data you want to keep and how long you want to keep it until it is deleted.
If you want to keep a candidate's information longer than the candidate provided consent for, you can easily ask for consent through Happo.
Of course, this post is by no means a form of legal advice, but simply our opinion based on our lawyer. If you must comply with GDPR, you should consult with your own legal advisor on best practices under the new law.
Handling your hiring processes in a GDPR compliant way may sounds intimidating, but it can be quite simple if given the right tools. If you aren’t a customer yet and you’re looking for a better way to manage GDPR compliance and your recruiting process, we’d love to talk.
Feature photo by Jake Hills