GDPR (General Data Protection Regulation) is privacy a security regulations put in effect by the European Union, but impacts all organizations if they collect data from people in the EU.
Terms that GDPR uses include:
- Personal data: Personal data is any information that relates to an individual who can be directly or indirectly identified. Names and email addresses are obviously personal data. Location information, ethnicity, gender, biometric data, religious beliefs, web cookies, and political opinions can also be personal data. Pseudonymous data can also fall under the definition if it’s relatively easy to ID someone from it.
- Data processing: Any action performed on data, whether automated or manual. The examples include collecting, recording, organizing, structuring, storing, using, and erasing.
- Data subject: The person whose data is processed. These are your customers or site visitors.
- Data controller: The person who decides why and how personal data will be processed. If you’re an owner or employee in your organization who handles data, this is you.
- Data processor: A third party that processes personal data on behalf of a data controller. The GDPR has special rules for these individuals and organizations. They could include cloud servers or email service providers.
How does GDPR effect Click Boarding and its clients?
With GDPR, Click Boarding provides the means for our clients, regardless of location, to stay in line with its requirements for their EU resident employees, including providing transparency about the purpose for which data is collected (privacy policy), and opted into (acceptance of the policy). This extends to an employee's right to be forgotten and have their data deleted when a request to be forgotten has been made.
Click Boarding makes it straightforward for clients to manage candidate information access, adjustment, and deletion. We give employees the power over their personal data while providing our clients the ability, as data controllers, to control that.
How can data be forgotten?
There are two ways a GDPR "forget-me" request comes in.
- CLIENT: A client may reach out to Click Boarding via Support to say that a certain candidate or candidates' data needs to be removed. The client can also call our APIs, which are designed to let them easily submit candidate deletion requests.
- CANDIDATE: A candidate/employee might contact us directly via Support. Our clients are the data controllers, so our support process involves contacting the client to inform them that candidate X has requested to be forgotten. Our client will respond yes or no (for example, the data might need to be kept if it is subject to a litigation hold). Upon confirmation that the data should be removed, the client can either have us complete this process or they can elect to use our APIs to do themselves.
If Click Boarding is asked to perform the deletion, the client will receive a notification when it is complete. This is handled via a ZenDesk support request for tracking purposes.
Comments
0 comments
Please sign in to leave a comment.