The European Union has taken a monumental step in protecting the fundamental right to privacy of every EU resident with the General Data Protection Regulation (GDPR), which takes effect on May 25, 2018.
Rockstaff was built on a foundation of giving users control of their data. This statement is designed to inform users, both candidates and clients, of our understanding of, and commitment to, our obligations under the GDPR, and of what we are doing, and have already done, to prepare for it.
This statement may be updated closer to the GDPR deadline.
What is GDPR?
Simply put, EU residents will now have greater say over what, how, why, where, and when their personal data is used, processed, or disposed of. The regulation clarifies that EU personal data law applies even beyond the borders of the EU: any organisation that works with EU residents' personal data in any manner, irrespective of its location, has obligations to protect that data.
What data rights do you have as an individual?
As an individual user of our site, the GDPR is all about protecting your rights when it comes to the data you provide us with:
- Right to be informed
  - EU citizens have the right to ask what information companies hold about them, why they hold it, how long they have held it, how long they intend to hold it, and what they intend to do with it.
- Right to Rectification
  - If someone finds out that a company holds incorrect data about them, they have the right to contact the company and have it make any necessary corrections immediately.
- Right to Portability
  - EU citizens have the right to request a digital copy of any data held about them; companies must provide this within a month of receiving the request.
- Right to Restriction
  - A data subject may ask the data controller to restrict the processing of their personal data until they give their consent again.
- Right to Objection
  - Along with the right to give informed consent, EU citizens also have the right to withdraw that consent at any point.
  - They also have the right to object to certain uses of their data with which they disagree, e.g. sharing their details with a third party.
- Right to Erasure
  - EU citizens can request that companies delete any personally identifiable information, provided there is no "compelling reason" for the company to continue storing or processing that data.
The value of your data
Although it may not be obvious, your data has value, and it is important to understand how the companies you provide it to will use it. Your medical or financial records may seem the most valuable, but even simple things like your search history are data that third-party companies can use to target you for sales revenue. Admittedly, receiving an advert for 50% off an umbrella might be very useful if you have recently been searching for one after being rained on, but it is important to know how your data was used to create that value.
Our commitment to GDPR
Rockstaff recognises that the GDPR will help us move towards the highest standards of operations in protecting user data.
What are we doing to prepare?
- Identifying personal data
Performing personal data audits and documenting the various sources of data will go a long way in providing a roadmap for compliance in the days leading up to implementation.
- Providing visibility and transparency
- Data accuracy measures
To ensure the data we hold about you is accurate, we are implementing measures to encourage our users to update their records periodically. Additionally, records that have not been updated within a certain period will be deleted automatically, as outlined in 'Data storage duration' below.
- Enhancing data integrity and security
We've implemented the following measures:
  - Password-protected accounts;
  - Strict verification of recruiter accounts;
  - Organisational measures, including formal training of staff and confidentiality clauses in employment contracts, to minimise the risk of internal data breaches;
  - Optional visibility for all candidate profiles, which are set to 'Private' by default until changed by the user;
  - Systems to protect against and detect hacking attempts;
  - Reporting of breaches to the appropriate regulatory body within 72 hours of detection.
- Reviewing third-party contracts
We have engaged, and will engage in the future, with all third parties that help us process data to ensure they are fulfilling obligations under GDPR.
- Portability and transferability of data
Implementing complete portability of the data that we hold about users.
- Removal of Data
Rockstaff users are already able to delete their user accounts and data with one click from their Candidate Dashboard. However, we are also implementing systems to allow users to erase data from our external CRM if they have previously uploaded data such as their CV or career preferences.
- Data storage duration
To comply with our obligation to keep data no longer than is necessary, we will be implementing an automated deletion period for data that has not been updated.