Robinhood, a brokerage app, recently caught flak when the private information of roughly one-third of its more than 20 million users was compromised. A hacker likely gained entry during a customer support call and made off with millions of email addresses and other personal data, then demanded an extortion payment.
Every year we see more data breaches than the year before. As this number continues to grow, including recently in the HR tech space, it is imperative to take a deep dive into your own processes and identify areas for improvement to make sure you are covered.
This is especially true for HR and recruitment teams since confidential candidate data is being shared on a daily, hourly, or even minute-by-minute basis.
Hire confidently with Recruitee, knowing your back is covered.
With our ISO 27001 certificate, and features like GDPR automation, single sign-on (SSO), and Two-factor authentication (2FA), you can trust that you’re safe and secure with Recruitee.
International Organization for Standardization (ISO)
Our ISO 27001 certification proves that our internal processes which ensure ongoing information security management meet the esteemed and internationally recognized standards of ISO 27001. In the words of Recruitee’s Chief Operating Officer, Robbert Flipsen:
“We have always believed in the strength of our information security. It is something that is ingrained in our employees from the first day that they start at Recruitee. The difference is that now you no longer have to take our word for it; our ISO 27001 certificate is a stamp of approval by an accredited external auditor.”
What this means for Recruitee and our customers
Nothing in particular will change for our customers: your data will remain safe and secure as we continue to grow. This certification only strengthens our continued compliance commitment. You can rest assured that your data is (and will continue to be) secure.
At Recruitee, we uphold industry and international best practices as well as our own high standards. This is reflected in the ISO 27001 certification and will enhance our continued compliance as we build new features and support our customers. In addition, our data centers are also ISO certified.
General Data Protection Regulation (GDPR)
Europeans can name-drop General Data Protection Regulation (GDPR) into basically any conversation. It is relevant in all aspects of life (personal and business). Whether it’s your doctor owning your medical data, an airline owning your passport data, or any website that collects your personal data (name, phone number, and email address are enough), they must adhere to GDPR regulations.
Effective from May 25, 2018, the General Data Protection Regulation (GDPR) is a comprehensive data protection law that replaced existing European Union law to strengthen the protection of “personal data” and the individual’s rights. In simplest terms, it’s a single set of rules which governs the processing and monitoring of EU data.
How does Recruitee help you stay GDPR compliant?
At Recruitee, data protection is in our blood. Our customers work with sensitive candidate data all day long, so it’s important that we help keep them compliant and stay compliant ourselves.
That’s why we have built features to help keep our customers and their candidates’ data compliant, including:
Managing candidates’ GDPR statuses
With a quick glance at a candidate profile, you can see the GDPR status, which shows whether a candidate has given consent for storing their data and for how long. The statuses that may appear are: No consent, Consent requested, Consent given, Expiring, and Expired. When applying for a job, candidates can have peace of mind that their data is handled carefully.
Notification of status changes
Notify your team about candidate status changes. Send reports to stay up to date when candidate profiles have expired or are about to expire. You can also send data removal and correction requests regarding candidates who have not given consent.
Consent requests, removal, or correction of candidate data
Candidates can make various requests, such as access, removal, or data correction. To allow them to do so, insert a removal request or correction request link into the GDPR footer of your careers site or into your email communication. You can also send an email with a GDPR consent request to candidates who did not apply through your careers site, or to candidates whose consent is about to expire and whom you want to keep.
GDPR automation for consent and deletion
To make the process more user-friendly and less manual, you can automate consent requests and candidate deletions. Simply configure and toggle on your preferred automation in your Settings. Once set up, an automated email requesting an extension is sent 30 days before the consent expires. Similarly, when a candidate has requested to have their data deleted and the consent period has ended, the data is deleted automatically.
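The status and automation rules described above can be expressed as a small consent-lifecycle check. This is an added illustration, not Recruitee's own code: the five statuses and the 30-day reminder window come from the text, while the per-candidate `retention_days`, the `Candidate` fields and the `daily_actions` scheduler pass are assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from enum import Enum
from typing import Optional

# Statuses named in the text; the 30-day reminder window is also from the text.
class GdprStatus(Enum):
    NO_CONSENT = "No consent"
    CONSENT_REQUESTED = "Consent requested"
    CONSENT_GIVEN = "Consent given"
    EXPIRING = "Expiring"
    EXPIRED = "Expired"

REMINDER_WINDOW = timedelta(days=30)

@dataclass
class Candidate:                         # assumed record shape for this example
    name: str
    retention_days: int = 365            # assumed consent period configured per account
    consent_requested_on: Optional[date] = None
    consent_given_on: Optional[date] = None
    extension_requested_on: Optional[date] = None
    deletion_requested: bool = False

def consent_expires_on(c: Candidate) -> Optional[date]:
    """Consent lasts retention_days from the day it was given; None if never given."""
    if c.consent_given_on is None:
        return None
    return c.consent_given_on + timedelta(days=c.retention_days)

def gdpr_status(c: Candidate, today: date) -> GdprStatus:
    """Derive the profile status shown to recruiters from the consent dates."""
    expires = consent_expires_on(c)
    if expires is None:
        return GdprStatus.CONSENT_REQUESTED if c.consent_requested_on else GdprStatus.NO_CONSENT
    if today >= expires:
        return GdprStatus.EXPIRED
    if expires - today <= REMINDER_WINDOW:   # within 30 days of expiry
        return GdprStatus.EXPIRING
    return GdprStatus.CONSENT_GIVEN

def daily_actions(candidates, today: date) -> dict:
    """One scheduler pass: the automated action (if any) each candidate gets today."""
    actions = {}
    for c in candidates:
        status = gdpr_status(c, today)
        if status is GdprStatus.EXPIRING and c.extension_requested_on is None:
            actions[c.name] = "send_extension_request"   # sent once, 30 days before expiry
            c.extension_requested_on = today
        elif status is GdprStatus.EXPIRED and c.deletion_requested:
            actions[c.name] = "delete_data"              # consent ended and deletion was requested
    return actions
```

Running `daily_actions` once per day against the candidate store reproduces the behaviour described: a single extension request at the 30-day mark, and deletion only once both conditions hold.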
How do ISO 27001 and GDPR connect?
The GDPR requires that your vendors (sub-processors) take appropriate information security measures, and Recruitee's ISO 27001 certification gives you assurance that such measures have been implemented. Nowadays it is more essential than ever to comply with international standards and regulations, and we promise to uphold and prioritize these efforts and standards.
Other ways to keep your data protected
Working in HR, you are no doubt familiar with sensitive information. Millions of candidates share their sensitive data every day. To keep this data protected, it is vital to activate a second layer of protection such as Two-factor authentication (2FA), where, in addition to your username and password, you enter a code from an SMS message or an authenticator app.
The average cost of a data breach is over four million dollars. To reduce the risk of an expensive breach or loss of confidential candidate data, enabling a higher level of security becomes a necessity rather than an option.
By activating Two-factor authentication (2FA), you can ensure you and your team are meeting this higher security standard. Confirm that it’s actually you (and not a hacker) getting access to your candidates’ data.
Look into the practices your company upholds when it comes to data protection and security.
Know that with Recruitee, your and your candidates' data will be safe and secure, from single sign-on (SSO), Two-factor authentication (2FA), and role-based access controls to data encryption and GDPR compliance. Learn more about our Security and Compliance practices at Recruitee.