GDPR compliance is a top concern for businesses these days.
The General Data Protection Regulation (GDPR) was adopted in April 2016 to strengthen data protection law for all individuals in the European Union (EU). Coming into effect on 25th May 2018, the GDPR applies to every business that processes the personal data of people in the EU, wherever that business is located. That means all of us: Recruitee, our clients, and everyone who has, or will have, candidates from the EU in their hiring pipelines. We will all have to fully comply with the GDPR. As the applicant tracking system (ATS) for many international companies worldwide, here is our stand on this matter:
We have been fully committed to achieving GDPR compliance before its effective date – 25th May 2018.
Below you will find our step-by-step plan to fulfill the GDPR requirements:
We have been working on measures to comply with the GDPR since last year. We consider the GDPR a crucial component of how we operate as a company and what we do as an ATS. We value our clients’ data privacy, and their compliance with the GDPR is of the utmost importance to us.
First and foremost, the GDPR has changed the way we look at our internal processes. In order to facilitate the development of a compliant product, we have first made our own operations and procedures compliant. Here is what we have done to achieve that:
1–Researched the GDPR’s impact on our industry, business, and product. We have identified the areas where we need to implement measures to protect our clients’ and their candidates’ data.
2–Hired a Data Security Officer and Legal Counsel. We have carefully selected an officer who has a deep understanding of our business and industry. From day one, he has been involved in various projects dedicated to GDPR compliance. One foundation we have laid together is having all Recruitee employees and all our business partners sign confidentiality agreements. He will continue to play an important role in our product development (more on this below).
3–Improved our internal processes and procedures to become GDPR compliant. For instance, we have established a data breach policy and internal security processes to protect our clients’ data. (Under the GDPR, a processor must notify the controller without undue delay after becoming aware of a personal data breach, and the controller must, where feasible, notify its supervisory authority within 72 hours, so a breach policy needs clear escalation paths and contact points on both sides.) We will keep making security improvements in our operations, because we view GDPR compliance not as a one-time change but as a continuous process.
4–Continue being selective in choosing our business partners. GDPR compliance and EU-hosted data are two of the key factors we look for. The latter has been a prerequisite for us since day one, because data stored in the US carries two risks: 1) the legal basis for transferring data to the US can be invalidated, as happened to Safe Harbor when the Court of Justice of the EU struck it down in 2015, and 2) US authorities can obtain access to the data without our clients being informed.
5–Encrypt our clients’ and their candidates’ data wherever possible. We do this as the data processor, to protect their data; our clients remain the data controllers, and we never take ownership of the data.
From process to product
Once our operations and processes were GDPR-compliant, we moved on to the biggest piece of the puzzle: improving the Recruitee product and helping its users comply with the GDPR.
Since the recruitment industry revolves around candidate data, we need to take the GDPR into account in every aspect of the product. That is why we have consulted multiple legal experts to ensure our features’ compliance. Here is what we have done and plan to do:
6–Developed a special product roadmap that addresses all areas of Recruitee affected by the GDPR. With the aid of our Data Security Officer and external law firms, we have fleshed out a GDPR-tailored product roadmap to help our clients achieve compliance in their recruitment activities. (Note that an ATS can only support compliance: as the data controller, each client remains responsible for how it configures and uses these features.)
7–Worked through the special product roadmap to build the features for GDPR compliance. By involving the legal aspects early on, we have been able to develop the new features quickly. One of the core GDPR features anonymizes candidates’ personal information, removing identifying details while keeping aggregate reporting on old candidate profiles whose personal data you no longer hold. Another lets you set how long candidate data is retained (the GDPR’s storage limitation principle). There is also a feature letting candidates submit requests to access, correct, or remove the data you hold about them in Recruitee (their rights of access, rectification, and erasure).
These are some examples of the GDPR-compliance feature package we have launched. Stay up to date with our latest developments here.
8–Tested and verified the GDPR-compliance features with both our Data Security Officer and external law firms. Involving them throughout the full product development cycle has been key to our process.
9–Finalised and announced our full compliance with the GDPR.
We are the first ATS to be fully compliant with the GDPR’s Privacy by Design principles (Article 25, data protection by design and by default) before the GDPR’s effective date.
If you want to learn more about using Recruitee’s GDPR features in your recruitment today, please drop us an in-app message.