The Quest for GDPR Compliance: 3 Ways Your Recruitment CRM Matters
Is 25 May 2018 etched into your brain yet? GDPR is fast approaching, as is the need for recruitment agencies to comply with GDPR.
GDPR compliance requires an approach that goes far beyond the technology you use. But your technology—specifically the recruitment CRM you use—plays a vital part. Your recruitment technology has a major impact in these three key areas.
Note: This blog is for informational purposes only and not for the purpose of providing legal advice. You should contact your legal counsel with respect to any questions or issues regarding GDPR.
Protect sensitive data
You must take security precautions to prevent breaches. This starts by auditing your data, internal systems, and security policies, and then ensuring you’ve taken steps to keep ALL personal data secure. This also includes working with any software vendors to understand what safeguards they have in place to protect data you’re storing and processing through their systems.
As a data controller, you’re responsible for protecting the data of your candidates and clients. If you store all of your personal data in a spreadsheet, it’s vulnerable to a breach. Look for a recruitment CRM with robust security and data protection already in place, including encrypted and confidential fields to help ensure that confidential data remains that way. If the ATS/Recruitment CRM provider is SSAE 16 SOC1 Type II compliant, this is a good indication that they have robust security measures.
Export data easily and securely
The right to access and the right to data portability require you to provide individuals with all of their personal data you possess. If a candidate makes this request, will you be able to easily find and send all the data you have on file?
A strong recruitment CRM will allow you to keep each individual's data in an organised manner. It should also have an export feature so you can easily send the requested data to the individual.
The right to be informed—also known as the right to transparency—requires your recruitment agency to communicate what data you’re collecting, what you’re storing/processing, and how you intend to use it. The right to object allows individuals to object if you use their data for direct marketing, such as email marketing.
Both of these rights require that you have a system in place to ensure individual consent. To comply, you need to be able to react quickly to requests. Look for a recruitment CRM with opt-in and opt-out features to easily comply with individual requests, and to have a documented history of your compliance with said requests.
Want to find more great blogs, webinars, and articles about the GDPR that are written with recruitment professionals in mind? Check out the GDPR Resource Centre.