May is coming and with it the new General Data Protection Regulation policies. Lots has been written about this in recent months and now is the time to demonstrate that we are ready to tackle the new policies. You may still be asking what is the GDPR? Can I just get GDPR explained to me simply? Hopefully, by the end of this article you will see what GDPR is, what we at Europe Language Jobs are doing to ensure we are GDPR compliant, our tips to help other companies ensure they are in alignment with GDPR and inform candidates that their data is safe with us.
At Europe Language Jobs we believe that the new data protection policy is positive for website users in all industries and transparency of company activity concerning user data can only be an improvement. On the other hand, it has meant some technical and legal changes for all businesses. The recruitment industry in particular has had to adapt, and of course this will create some uncertainty in the next few months, which is why we at ELJ wanted to be on top of things and give an explanation as to how we are dealing with GDPR and how we advise recruitment departments to prepare.
Use of data transparency for candidates
When using Europe Language Jobs, candidate’s data will always remain safe, private and won’t be used until the candidate shows interest in a certain job position. At this point the data of the candidate will be transferred to the company responsible for the ad who could use this data to connect with the candidate for the position that he/she has applied. Once we pass the data to the client, the company is responsible for storing the data and must only use it for recruitment purposes that have to do with the position that the candidate has decided to apply.
Candidates can choose to make their profiles visible for companies within the CV Search system, knowing that only companies who show interest in the candidate and spend a CV Search credit will be able to access the candidates contact information. We will keep a history of every movement of data or any company who has viewed candidate’s data so the candidate can keep track of what is going on with the information and how the data is being used. At any point the candidate will be able to check their data, modify it, delete it or change permissions. We will ask for concrete permission if we plan to use the data for other related purposes.
Controlling mailings and newsletter
Users would be able to select what type of communications they want to receive via email. As a general rule we promise not to send users emails with specific offers matching their profile more than once every 2 weeks. And if the candidate doesn’t wish to receive job matchings or emails encouraging them to improve their profile, they can unsubscribe at any point and the user has complete power over their data.
Deleting an account
The same as with applications and emails, users have full authority over what happens with their account and can chose to delete or cancel it at any point. If a candidate chose to delete his account, the candidate can also decide whether he wants to erase their applications to job offers and leave no trail of their activity on the site.
What does GDPR mean for our customers?
Companies publishing jobs through ELJ have all been validated before being allowed to publish offers on our site which assures that job offers are legitimate. Any company publishing with us must accept beforehand terms and conditions of our site. Regarding GDPR lines it is especially delicate the personal data of candidates interested in those companies. Europe Language Jobs is an intermediary between recruiters and candidates. We provide a safe platform to operate where data is protected and used according to candidate’s choice. Once an application has been made we pass the data to the recruiting company and they become responsible for correct use of the information. Keeping in mind that candidate has given permission to the company for contacting them in terms of the offer where an application has been made.
How does GDPR affect you as a recruiter
In the second part of this article we want to cover some of the main points as to how recruitment teams have to deal with GDPR and what organizations have to do to make sure they are sticking to guidelines
- Clear structure on how you are collecting data. Data must be well organised, and you have to keep a clear view on how you are gathering data, organising it and who in your company has access to it.
- How are you using the data? Understand very well what permissions we have for each part of data. There should be a statement that any data requested from candidates will be used for recruitment purposes only, unless it has been said otherwise. With data coming from job boards such as Europe Language Jobs, you would only be able to contact candidates for a certain position, unless of course candidates extend concrete permission to your company to be contacted for other purposes.
- What type of data are we collecting? We need to understand the type of information we are collecting (email, name, CV…) and the level of protection for each and if data is sensitive (medical records, bank information, ethnic, religious, or other data can be used to potentially discriminate).
- Who has access to the data? Especially for big companies, it is important to control who can access data and keep track of it. Security is more important than ever because a data breach can be fatal. Companies are advised to train their teams on the implications of GDPR to make sure they are working and using information in accordance with the rules.
- How to store data. Do you store your data in ATS, database, or spreadsheets? If you work with a specific system you might want to make sure they have gone through the GDPR policy. Remember the new regulation contemplates the possibility to audit your partners in order to make sure that data is being used (and in this case stored) correctly. We recommend that you are careful about how you source candidates.
- The process of accessing and modifying data. Candidates should have total control of what the company is doing with candidate information and at any point should be allowed to check, modify, delete it or change the permissions that company has over the data. As recruiters you should take this into account and make it easy for the candidate to check and change.
Other tasks that you might want to take a look at are:
- Make sure your job application process (if it is done on your site) follows the GDPR.
- Re-write rejection emails if you are planning to keep candidates data on your system applicant has to give his permission and consent to be contacted again for other positions.
To sum up
With regards to GDPR as a job board, partner and intermediary between candidates and companies we at Europe Language Jobs are taking changes very seriously and keep working to improve transparency and security so both companies and candidates have a safe platform to interact with that applies all rules. If you have been watching the news in recent months you will have seen at least one very high profile instance regarding protection of user data and the repercussions for breaches will be severe, highlighting the importance of organisations to protect user data or risk the consequences of fines of up to 20 million euros or 4% of global turnover as well as damage to your reputation which could result in an exodus of users. We put ourselves at your company’s disposal to provide more details and facilitate the implementation of new data regulation to ensure we all in compliance with GDPR.
May 3, 2018 by Lee
To show how different European companies have adapted to the current lockdown, we interviewed 4 of our clients about recruitment during lockdown.