Is Recruitee GDPR Compliant?
Anyone sourcing talent or hiring from within the European Union (EU) needs to be concerned with GDPR.
The General Data Protection Regulation applies to anyone processing the personal data of people located in the European Union or the wider European Economic Area (EEA). It is about where the data subject is, not their nationality: GDPR applies just as much to an American citizen temporarily working or vacationing in Europe as it does to a French resident.
Unless you are carefully screening out every applicant located in the EU, your applicant tracking system needs to support GDPR compliance. Software vendors are adapting by offering features that support it, and Recruitee is one of these tools.
What is Recruitee?
Recruitee is a talent recruitment and acquisition solution that consolidates your recruitment pipeline. It can take you from initial candidate attraction to hiring right within the platform. It integrates with job listing boards, social media sites, and other HR solutions so you can automate your hiring process and run it at scale.
You can post your listings on over 1,250 global job sites right from Recruitee, plus they’ve worked out a 30% bulk discount for orders of postings on these premium sites. Every posting gets its own page and email address so you can then share these links on social media to broaden your search and quickly gather resumes.
If you want to source candidates who are not actively applying, Recruitee has a Chrome extension that helps you capture profiles from other websites, such as GitHub. You can also save possible future candidates into designated talent pools.
You can customize your automated tasks, workflows, templates, and hiring processes with Recruitee, allowing you to optimize every step of the process.
Candidates are brought to your career site for streamlined applications, screening, and integrated video interviewing.
Where Recruitee really sets itself apart is its GDPR-related features. It is not only that the vendor handles your company's information in a compliant way; the platform also gives you the tools you need to make your own hiring process GDPR-compliant.
What Makes a Solution GDPR Compliant?
GDPR stands for the General Data Protection Regulation, an EU law protecting the privacy and personal data of anyone located within the EU and the wider European Economic Area, whatever their citizenship.
The regulation reaches well beyond Europe: any company or organization established in the EU is subject to it, and so is any organization elsewhere that offers goods or services to people in the EU or monitors their behaviour. Personal data is defined broadly, so even collecting the IP address of someone in the EU counts as processing that falls under GDPR.
Under GDPR, you may only process personal data if you have one of six lawful bases: the person has given specific, informed consent; the processing is needed to enter into or perform a contract with them; you have a legal obligation to process it; it is necessary to protect someone's life (vital interests); you are performing a task in the public interest; or you have a legitimate interest that is not overridden by the person's rights.
GDPR separates those who handle personal data into two groups: data processors and data controllers:
- Data controllers determine the reason and methods for processing data
- Data processors are those who process personal data on the controller’s behalf
Both of these groups are subject to the law including the seven key principles upon which the GDPR was based. These principles are:
- Lawfulness, fairness, and transparency
- Purpose limitation
- Data minimization
- Accuracy
- Storage limitation
- Integrity and confidentiality
- Accountability
All personal data must be protected by design and by default. Consent is only one of the six lawful bases, but where you rely on it, it must be explicitly asked for and freely given, specific, informed and as easy to withdraw as it was to give.
People whose data has been collected always have the right to access, rectify and erase their data, to restrict or object to its processing, to receive it in a portable format, and not to be subject to decisions based solely on automated processing. Any solution offering GDPR compliance needs to help you honour these rights.
Does Recruitee Meet GDPR Standards?
If you're using Recruitee, you are the data controller and the platform is the processor. You decide why and how it processes your candidates' data, and you remain responsible for protecting it.
Recruitee provides the technical tools and capabilities you need to stay GDPR-compliant, starting with a cookie consent banner for anyone landing on your career site.
You can explicitly ask candidates for their consent to process personal data and easily allow them to withdraw this permission by simply clicking a link.
If a candidate wants to see their information, you can share their profile with them through a link or an exported CSV file, which covers access and portability requests. Candidates can also ask for corrections: Recruitee includes a correction request link in the emails it sends them.
You can set a data retention period, after which profiles are automatically deleted, or Recruitee can anonymize your applicants' personal information instead. Truly anonymous data, from which no individual can be identified, falls outside GDPR's scope, so anonymization lets you keep old profiles for reporting. The caveat is that the data must really be anonymous: if a stable candidate ID, free-text notes or a CV remain that could be linked back to a person, the data is only pseudonymized and is still personal data under GDPR.
Recruitee offers a data processing agreement that sets out its technical and organizational measures, as GDPR requires of a processor. One specific measure that helps them stay GDPR-compliant is having a data security officer and legal counsel on staff.
They also keep candidate data within the European Union (EU), which avoids the additional safeguards GDPR demands for transfers outside the EEA.
How Should Recruitee Be Used for GDPR Compliance?
Recruitee lets you give your candidates granular control over their personal data. Most of the work is done for you, but you will need to make some customizations.
First, enable the GDPR function within the platform. Then set your candidate retention period to however long you can justify keeping personal data; storage limitation means this should be as short as your hiring process allows.
After this, add your privacy policy. This should be a fully GDPR-compliant privacy policy that tells candidates what your data retention period is and on what basis you process their data. Recruitee handles the rest, such as adding informational links to your email confirmation footers.
You can set Recruitee to automate certain tasks, like asking candidates who are nearing the end of the retention period for permission to keep their data. It can also automatically delete anyone whose retention period has expired, who never gave consent, or who withdrew consent. If you copy stored candidate data into a data warehouse or other system for analysis, remember that the copy is personal data in scope as well and must follow the same retention and deletion rules.
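To make the retention logic concrete, here is an added example of the kind of sweep an ATS runs over its candidate records. It is not Recruitee's code and does not use any Recruitee API; the record fields, the 365-day retention period and 30-day renewal window are assumptions for illustration, and the candidate records are constructed sample data. It applies the rules described above: delete anyone who never consented or withdrew consent, ask for renewed consent shortly before expiry, and either delete or anonymize expired profiles. The anonymizer keeps only aggregate fields (job, stage, year) and deliberately drops the candidate ID, because keeping a stable identifier would leave the record pseudonymized rather than anonymous.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List

# Assumed policy values; set these to the retention period stated in your
# privacy policy and the notice window you want before a profile expires.
RETENTION_DAYS = 365
WARN_DAYS = 30


@dataclass
class Candidate:
    """Minimal candidate record (assumed fields, not a Recruitee schema)."""
    candidate_id: str
    name: str
    email: str
    job: str
    stage: str
    last_activity: date   # last application, interview or consent renewal
    consent: str          # "given", "withdrawn" or "none"


def classify(c: Candidate, today: date,
             retention_days: int = RETENTION_DAYS,
             warn_days: int = WARN_DAYS) -> str:
    """Decide what the sweep should do with one record."""
    if c.consent != "given":
        # No lawful basis to keep processing: withdrawn or never given.
        return "delete"
    expires = c.last_activity + timedelta(days=retention_days)
    if today >= expires:
        return "expired"
    if today >= expires - timedelta(days=warn_days):
        return "request_renewal"
    return "keep"


def anonymize(c: Candidate) -> Dict[str, object]:
    """Keep only aggregate fields; no ID, name, email or free text survives."""
    return {"job": c.job, "stage": c.stage, "year": c.last_activity.year}


def run_retention(candidates: List[Candidate], today: date,
                  keep_anonymized: bool = True) -> Dict[str, list]:
    """Apply the retention policy to every record and report the outcome."""
    result: Dict[str, list] = {
        "kept": [], "renewal_requests": [], "deleted": [], "anonymized": []
    }
    for c in candidates:
        action = classify(c, today)
        if action == "keep":
            result["kept"].append(c.candidate_id)
        elif action == "request_renewal":
            # The email goes out asking the candidate to renew consent;
            # the record itself is untouched until they answer or expire.
            result["renewal_requests"].append(c.email)
        elif action == "delete":
            result["deleted"].append(c.candidate_id)
        elif keep_anonymized:
            result["anonymized"].append(anonymize(c))
        else:
            result["deleted"].append(c.candidate_id)
    return result


# Constructed sample records (not real people).
SAMPLE = [
    Candidate("cand-A", "Ada", "a@example.com", "Backend Engineer",
              "interview", date(2024, 5, 1), "given"),
    Candidate("cand-B", "Bo", "b@example.com", "Backend Engineer",
              "screening", date(2023, 6, 20), "given"),
    Candidate("cand-C", "Cy", "c@example.com", "Backend Engineer",
              "rejected", date(2023, 1, 15), "given"),
    Candidate("cand-D", "Di", "d@example.com", "Designer",
              "interview", date(2024, 5, 20), "withdrawn"),
    Candidate("cand-E", "Ed", "e@example.com", "Designer",
              "applied", date(2024, 5, 25), "none"),
]

if __name__ == "__main__":
    for key, items in run_retention(SAMPLE, date(2024, 6, 1)).items():
        print(key, items)
```

Run on the sample with a sweep date of 2024-06-01, the first candidate is kept, the second gets a renewal request because their record expires on 2024-06-19, the third has expired and is reduced to an anonymous row, and the last two are deleted because consent was withdrawn or never given. Whether you choose deletion or anonymization for expired records, the point is that the decision is driven by the retention period you published in your privacy policy, not by whoever happens to be cleaning up the database.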
Conclusion
In summary, you as the data controller are responsible for maintaining GDPR compliance. There is a lot more to go through, such as drawing up your data privacy policy, creating a data breach notification procedure (GDPR gives you 72 hours to notify the supervisory authority of a reportable breach), and appointing a data protection officer where your processing requires one.
The European Union (EU) takes data privacy and protection seriously. It views this as a fundamental right and has therefore established serious consequences for breaching GDPR.
For the most serious infringements, supervisory authorities can fine an organization up to €20,000,000 or up to 4% of its total worldwide annual turnover, whichever is greater; a lower tier of up to €10,000,000 or 2% applies to other violations.
Our dedicated privacy compliance services can help you avoid this. Accountable seeks to keep you updated on all requirements of GDPR and other data privacy laws so that you can reach and stay compliant as easily as possible.