GDPR Readiness
What is GDPR?
Effective May 25, 2018, the European Union (EU) has enacted the General Data Protection Regulation (GDPR), which is designed to unify privacy laws across Europe.
The purpose of GDPR is to give EU residents better data privacy rights. It allows individuals to have greater say over what, how, why, where, and when their personal data is used, processed, or disposed of.
GDPR clarifies how the EU personal data laws apply even beyond the borders of the EU. Any organization that works with EU residents’ personal data in any manner, irrespective of location, has obligations to protect the data.
Simply put, if your company recruits candidates from the EU or places talent with hiring companies in the EU, then the GDPR applies to you. You should consult with a GDPR specialist regarding the full scope of your compliance obligations.
Haley Marketing is well aware of its role in providing the right tools and processes to help its users and clients meet their GDPR mandates.
What are the new data privacy rights?
GDPR gives an individual the right to exercise complete authority over their personal data. Some of the rights highlighted in the regulation are:
- Explicit consent: Individuals (data subjects) must be informed about how their personal data will be processed. Organizations must make it as easy for data subjects to withdraw their consent as it is to grant it.
- Right to access: At any point in time, the data subject can ask an organization to disclose the personal data that is being stored or retained about him/her.
- Right to be forgotten: The data subject can request that an organization remove his/her personal information from the organization’s systems.
- Data portability: The organization must be able to provide data subjects with a copy of their personal data in machine-readable format.
What has Haley Marketing done to prepare?
- A Data Protection Officer has been appointed. We have reviewed all the personal data we process and confirmed our lawful basis for processing.
- New Privacy Policy. We’ve updated our privacy policy to incorporate specific language related to data protection requirements under the GDPR. If your company is subject to GDPR, you will also need to update your own privacy policy. We strongly recommend you consult legal counsel to obtain advice specifically applicable to your business.
- New Terms of Service. We’ve also updated our Terms of Service to more clearly define our legal responsibilities for users of our website. Again, you’ll want to review your Terms of Service with your legal counsel.
- New “Privacy Protection” Settings. One of the main GDPR requirements is to get user consent when collecting personal data and subscribing individuals to any form of marketing or data sharing. To simplify this process for you, we’ve added a new “Compliance” section in the Admin Settings area in myHaley. This enables you to assign a Data Protection Officer, link to your privacy policy, and control cookie policies on your Haley Marketing products and hosted website.
- Updated User Controls. In each of our products, we have reviewed and updated all user options to provide control for the user to manage permissions, download their data, and delete their data.
What you can do as a Staffing or Recruiting Company
Compliance with the GDPR requires a partnership between your company and all the vendors you partner with to process data about your clients and candidates.
As a staffing or recruiting company, you will typically act as the data controller for any personal data you collect. The data controller determines the purposes and means of processing personal data, while the data processor processes data on behalf of the data controller. At Haley Marketing, we are a data processor and process personal data on your behalf in that we store the data of your users on our systems.
You should also seek advice from a GDPR specialist relating to your status and obligations under the GDPR, as only a qualified specialist can provide advice specifically tailored to your situation.
Please note, we cannot offer legal advice.
Please do not take this information as legal advice, and if you are subject to GDPR, we recommend you consult a specialist to obtain legal advice applicable to your business circumstances.