Thus, we follow the law on the processing and storage of personal data (users, candidates, and clients) in the Russian Federation.
GDPR stands for the General Data Protection Regulation. It is the new European Union regulation set to replace the Data Protection Directive (DPD) and the UK Data Protection Act 1998. It places greater obligations on how organizations manage personal data.
It comes into effect on 25 May 2018.
The GDPR applies not only to organizations located within the EU but also to organizations in any other location if they process personal data of EU individuals or companies.
The GDPR applies to processing carried out by organizations operating within the EU. It also applies to organizations outside the EU that offer goods or services to individuals in the EU.
The maximum fine a company can face is 4% of its annual global turnover, or €20 million, whichever is higher.
Personal data is any information related to a natural person, or ‘Data Subject’, that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, links to social networks, posts on social networks or a computer IP address.
You should check your procedures to ensure they cover all the rights individuals have, including how you would delete personal data or provide data electronically. The GDPR includes the following rights for individuals:
· the right to be informed
· the right of access
· the right to rectification
· the right to erasure
· the right to restrict processing
· the right to data portability
· the right to object
· the right not to be subject to automated decision-making, including profiling
"Your data must be stored in a secure manner. (Art 5-9, Recitals 38-56)" All the data is hosted by our trusted providers. CleverStaff securely encrypts passwords and uses only secured connections for data transfer. Our software platform uses a modern security framework as the main part of its security functionality.
"Your solution must support data minimization (Principle 3)" By default, CleverStaff has a couple of standard fields for candidate personal data, which limits the scope of information needed to proceed with candidate processing. But since every hiring process is unique, we also give you the opportunity to add any fields you require to complete the process. So keep this GDPR principle in mind during your work process.
"You require candidate consent to use his personal data (Principle 1)" Consent is not obligatory in all cases, but CleverStaff gives you an advanced feature: getting, tracking and managing candidate consent.
"You need to notify candidates (Principle 1, Art 13 and 14)" There is a candidate consent status block in the personal profile of every candidate. Send the consent request to the candidate with a few clicks using a customizable email template. Easy-peasy!
"You need to keep data up to date (Principle 4)" You can update your candidate profile in just one click if it was saved from external resources: total automation. If you added the candidate manually, our candidate profile edit function works smoothly and takes no time at all.
"You need to make it easy for a candidate to get informed about privacy policy (Recital 64)" We’ve added a checkbox with the candidate consent request and links to the Privacy Policy and Terms & Conditions on the application form. The candidate needs to tick it to submit an application form for the vacancy. Moreover, with our simple API you can integrate CleverStaff functionality into the careers page on your website.
"You need to manage deletion requests (Art 17, Recital 65)" You are able to completely delete candidates in CleverStaff. If you want to delete your whole account, this can also be done in just a few clicks! (We give you a 7-day window before permanent deletion so you can restore your account.)
"Any supplier who Processes Data must be compliant" CleverStaff is completely GDPR compliant.
Updated our Privacy Policy. The new regulation required a new approach to presenting the Privacy Policy contents. It has been rewritten and now fully complies with the GDPR: it is concise, transparent, intelligible and easily accessible.
Managed our internal processes and procedures regarding security. We reviewed our entire security architecture along with our encryption methods and verified that they fully satisfy the GDPR requirements. We have also established a brand-new data breach instruction and internal security processes to ensure your maximum privacy protection.
Reviewed our business partners. We asked our data storage cloud providers, integrators, and other suppliers about their GDPR compliance, and they have confirmed their comprehensive compliance.