GDPR Solved with Bullhorn Automation
We recently hosted a webinar demonstrating how to leverage Bullhorn Automation to capture consent and remain compliant with GDPR rules. Below are the highlights!
Disclaimer: We are not providing legal advice, and any information used is publicly available from reputable sources. If you are unsure of your legal obligations, please seek qualified legal advice.
Let’s Talk GDPR – Brief Recap
Automation will support your journey to compliance in the most efficient way possible, but it’s up to you to ensure you are compliant with GDPR.
Ultimately, the purpose of GDPR is to protect the privacy of individuals by their personally identifiable data. We should see this as an opportunity to meet client and candidate expectations and deliver a great experience.
There are two main entities when processing personal data; data processes and data controllers. Recruiters who decide to store and process information are controllers. This is important because both differ from a compliance perspective, but both must follow the accountability framework. Go to the ICO website to learn more about the accountability framework.
The two things we are focusing on here are processing data and gaining and maintaining marketing consent.
As part of GDPR, companies must:
- Store why they are processing individual data, and keep it up to date
- Provide that data upon request
- Be able to provide an audit trail of how that data was captured.
Furthermore, you must be able to prove that you are keeping those processes up-to-date. Specifically, these process bases are Consent (explicit consent to process data, for example, via a contract), a legal obligation for processing that data, vital interest, a public task, and legitimate interest. Consent, contract, and legitimate interest are the three focus areas for most businesses.
Lastly, there is marketing consent. This is where you are required to store whether an individual would like to receive marketing information. In the digital world, consent is required before outreach is made, for example, via email, SMS, and cookies on the website.
See the ICO for more information.
The Challenge For Recruiters
Obtaining and maintaining marketing consent
- Keeping databases clean and up to date
- Adhering to marketing preferences
To do this efficiently, recruiters need to capture and maintain consent on an ongoing basis which is vital from a data hygiene perspective. You also need to make sure you reach out to the individual the way they would like you to. If this isn’t done right, it can lead to a lack of trust in the agency, especially when done at scale.
Maintaining processing justifications
- Keeping clear and up to date audit trails
- Adhering to individual data rights
You need to be able to prove why you have specific data and dates from when you last reviewed it. For example, you might have acquired a contact based on legitimate interest. This contact became a client of yours (congrats!), now this client needs to be changed to a clear consent basis. So how can automation help with all this?
Automating GDPR processes
Here’s a simple way of looking at the difference between automating your GDPR processes and having your consultants do it:
- Manual and slow
- Difficult to track and monitor
- Auditable proof is difficult
- Standardise collection points
- Collect data on user terms
- Clear audit trails
- Remove manual burden
Here’s how a simple workflow in Bullhorn Automation can help you capture different types of consent from candidates/clients and set a specific consent type based on where the candidate/client was added from. For example, if a candidate applies for a job via your website, the candidate can be automatically added as ‘legitimate interest’. Then we can set up another rule to say if a candidate is added from a job board, we won’t automatically add them as ‘legitimate interest’ but instead trigger a survey capturing more information. That is the type of flexibility the platform provides.
See the entire webinar for more details on what you can automate for GDPR purposes here.
- Keep data clean and up to date while remaining GDPR Compliant
- Update, capture and maintain consent consistently and at the right time
- Reduced space for human error and manual effort
- Be more productive and provide a greater experience.