Book Demo

 

 

The rights of individuals under GDPR

In addition to the key requirements of the GDPR, individuals have a number of rights regarding their personal data:

In addition to the key requirements of the GDPR, individuals have a number of rights regarding their personal data:

The right to be informed

The candidate must be informed about how their data is stored, processed and who the data will be shared with. Your responsibility You need to ensure that your Privacy Policy includes the legal basis for processing the data, how long you will keep the data and inform candidates they have a right to complain to the ICO if they are unhappy with the way their data is handled. If you use auto filtering, or external services such as online testing or video interviews, you will also need to notify the candidate at this stage. • Previously registered candidates If you have not got the necessary consent from candidate’s to store their data you will need to contact them and ask them to re-register. Any candidate information held without consent will need to be deleted before 25th May 2018. • Agency candidates Agencies will be responsible for obtaining and recording consent from the candidate to have their details processed by the software provider and controlled by you. You should ensure the agency has signed an agreement to this effect. If an agency submits a candidate they have not obtained consent from, then the agency will be liable. • Manually added candidates You need to be extremely careful when manually adding an application on behalf of a candidate, or creating a candidate account. You need to ensure consent is obtained from the candidate and recorded. How recruitment software can help A simple candidate registration process will help to obtain the necessary consent from all candidates before any data is stored. The registration process should provide candidates with access to your GDPR compliant privacy policy and manually tick a box to say that they are providing consent to have their data processed by the software provider and controlled by you. The ability to prevent users from manually adding candidates should be available within your software.

The right of access

The candidate must be able to view all their personal data stored in the system. Your responsibility Very little needs to be done as the candidate can manage their data themselves via a secure login. However, if you do not provide candidates with access to their own account, this can become a very manual and difficult task to manage. How recruitment software can help As part of the registration process, all candidates should create an account. Candidates should be able to access to this account. As well as providing candidates with the option to track applications and book interviews etc, candidate's should be able to view and update their contact details, their profile and job alert preferences.

The right to rectification

Candidates must be able to update their details. Your responsibility Very little needs to be done as the candidate can manage their data themselves via a secure login. However, if you do not provide candidates with access to their own account, this can become a very manual and difficult task to manage. How recruitment software can help Within the candidate account, candidates should be able to update their details at any time. Candidates should also be able to amend applications until they have been submitted and control their job alert preferences including completely opting out if required.

The right to erasure

Candidates must be able to request their personal data be removed from the system. Your responsibility As well as providing candidates with the option to remove their data when they wish, it is also important to ensure that you do not keep data for longer than you have consent to do so. You need to outline how long various types of data are retained within your system and put the necessary processes in place to facilitate this. How recruitment software can help Data Purge settings can help you control how long you keep data and manage inactive accounts. Candidates should also be able to delete incomplete applications and deactivate their account at any time.

The right to restrict processing

Under the DPA, individuals have a right to ‘block’ or suppress processing of personal data. The restriction of processing under the GDPR is similar. When processing is restricted, you are permitted to store the personal data, but not further process it. You can retain just enough information about the individual to ensure that the restriction is respected in future. Your responsibility Very little needs to be done if your candidates can manage their data themselves via a secure login. However, if you do not provide candidates with access to their own account, this can become a very manual and difficult task to manage. How recruitment software can help The candidate account should provide candidates with the ability to immediately withdraw an application at any point of your process to prevent any further processing of their data. Your software should also provide candidates with the option to opt out of job alerts and deactivate their account at any time should this be required.

The right to data portability

The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services. It allows them to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability. Your responsibility Very little needs to be done if your candidates can manage their data themselves via a secure login. However, if you do not provide candidates with access to their own account, this can become a very manual and difficult task to manage. How recruitment software can help As well as providing candidates with the ability to view and update data held within your system using their dedicated candidate account, candidate's should also be able to export all their data in a electronically readable format.

The right to object

Individuals have the right to object to any processing of their data. Your responsibility Very little needs to be done if your candidates can manage their data themselves via a secure login. However, if you do not provide candidates with access to their own account, this can become a very manual and difficult task to manage. How recruitment software can help Within the candidate account, candidates should be able to view the status of any application, i.e. in progress, offered, or declined. Should a candidate be declined, your recruitment software should also provide candidates with the option to appeal the decision. Notification should be sent to the appropriate within your organisation for them to action accordingly.

Rights in relation to automated decision making and profiling

The GDPR provides safeguards for individuals against the risk that a potentially damaging decision is taken without human intervention. Identify whether any of your processing operations constitute automated decision making and consider whether you need to update your procedures to deal with the requirements of the GDPR. Your responsibility Very little needs to be done if your candidates can manage their data themselves via a secure login. However, if you do not provide candidates with access to their own account, this can become a very manual and difficult task to manage. How recruitment software can help Any automated decision making processes will need to be communicated to the candidate. The best way to do this is via a dedicated candidate account. Your recruitment software should identify if a candidate is automatically declined and show this within the candidate's account. The reason should also be provided along with the option to appeal the decision.

Recent News Keep up to date with the latest news from us here at networx recruitment.

3 Reasons Why Interview Feedback is Important

  It is claimed that 83% of people have never received any interview feedback following an interview. Not only is a lack of communication a common frustration for candidates, HR... read more...

The GDPR comes into force on May 25, 2018.

Whilst it may be over 6 months away, networx have already outlined new processes and started developing new software functionality to comply with the new regulations. The next stage of... read more...
Companies already working with networx

Wait... Not quite ready to book a demo but want to find out more?

Please leave your details and one of our team will contact you to discuss your requirements.

Leave your details below &
we will call or email you back!