It's 2018, the year of General Data Protection Regulation (GDPR). And Congratulations, you’ve survived!
It’s now the calm after the storm, or is merely just the calm before the storm? Businesses were scrambling just a few weeks ago
trying to be GDPR ready. Now that the General Data Protection Regulation
has gone into effect, all is quiet as if nothing happened, but GDPR is alive and here to stay...
Did you know that fines for violating the new regulation can go up to €20 million or up to 4% of the company’s global revenue? Whichever is higher. If GDPR had been in effect years ago, companies like Yahoo and Ebay would have faced huge fines. It’s no surprise the LA Times took extreme measures and completely restricted access to their website for those in Europeans countries. As long as you're gathering and processing data from anyone in the EU, residents, citizens or even tourists, the law and fines apply to you.
If you’re a hiring manager or someone in staffing and recruiting, have you managed to get your recruitment processes GDPR compliant?
We at Happo launched a bunch of new features tied to
making your recruitment easy in the new era of the European General Data
Here are 4 easy steps that can help with compliance:
1. Sign up for an Applicant Tracking System (ATS) such as Happo
Using an ATS helps keep your processes in one platform. Happo puts all your candidates in one streamlined pipeline so that you no longer have an inbox or spreadsheet full of personal and sensitive information. With GDPR in effect, Europeans have more control over their personal data and their rights to privacy, so seeing all your applications in one place will make it easy for you to handle their data should a candidate ask to have a look, make changes or ask to have it removed altogether.
2. Sign a Data Processor Agreement (DPA)
When you start using Happo, we’ll have you e-sign a
Data Processor Agreement (DPA) between Happo and your business to clarify the
roles of Data Controller and Data Processor. Our Data Processing Agreement
explains everything around your data in Happo, what we do with it, what rights
you have, what security measures we take, and everything else that might come
You’ll just have to fill in the email address of an
authorized signatory, typically a CEO, COO, DM, CFO, or a board member, and
they’ll receive the document in their email to virtually sign.
You will also enter your registered company name in order for us to correctly handle and sync all your company processes. A registered company name would be something like Happo Group AB, The Walt Disney Company, Alphabet Inc.
3. Add your own privacy policies and terms and agreements
for applicants to agree to when applying for your job.
Managing hiring processes will automatically put you in a position to deal with personal and sensitive information. With GDPR, you will need the candidate’s consent to store and process their data and therefore, Happo makes it easy for you upload your own documents for candidates to read and agree to when applying for a position.
You can easily upload or link them to Happo and access them at any time when creating an online application for your candidates.
4. Set candidate data to automatically delete
You shouldn’t keep data forever.
By default, all candidate data in Happo will be saved until
the position or the specific candidate is deleted. Be in total control on how you
handle data and set your own retention routines. Choose what data you want
to keep and how long you want to keep it until it’s deleted.
If you want to keep a candidate's information longer than the candidate provided consent for, you can easily ask for consent through Happo.
Of course, this post is by no means a form of legal advice, but simply our opinion based on our lawyer. If you must comply with GDPR, you should consult with your own legal advisor on best practices under the new law.
Handling your hiring processes in a GDPR compliant way may sound intimidating, but its a matter of putting the right tools in place when you start your hiring processes.
If you aren’t a customer yet and you’re looking for a better way to manage GDPR compliance as well as your recruiting process, we’d love to talk.
Feature photo by Jake Hills