GDPR (General Data Protection Regulation) is a piece of legislation that is designed to strengthen and unify data protection laws for all individuals within the European Union. The regulation will come into effect and be enforceable on May 25, 2018.
General Data Protection Regulation (GDPR) replaces the Data Protection Directive (DPD 95/46/EC) and enhances the rights of EU individuals over their data and strengthens data privacy. GDPR will fundamentally change the way organizations across the planet approach data privacy.
Despite being a European Union regulation, GDPR impacts all businesses across the world that process or control data of European citizens.
The main purpose of the GDPR is to offer EU citizens (including the UK) a high level of protection from data breaches and strengthening the privacy of an individual's personal data. Under GDPR, the concept of “personal data” is very broad and covers any information relating to an identified or identifiable individual (also called a “data subject”).
GDPR grants people i.e the customers, citizens etc, a range of data subject rights, which they can exercise in certain conditions or situations, albeit a few exceptions.
In summary, here are some of the key changes to come into effect with the upcoming GDPR:
Routplaner fully complies with GDPR in our role as a data processor. GDPR is a complex piece of legislation and we've been working with privacy experts and our attorneys to be sure we're completely compliant with GDPR.
Here's a high-level overview of what all we have done in order to be GDPR compliant.
Here's a detailed log of the eight essential data subject rights and what we have done in order to facilitate the rights in accordance with GDPR, to ensure the privacy and security of our customers:
Individuals have the right to receive clear and accurate information about how a business has acquired their data, who is processing the data and why, and how will it be stored and used.How Routplaner complies?
When candidates use the job application page to apply to jobs, Routplaner gives candidates an opt-in button with a privacy document that tells candidates how data will be used. When you manually add candidates into the system it is your duty as a “Data Controller” to inform your candidates about how you will use their data.
Individuals will have the right to request access to the personal data that the organizations own about them.How Routplaner complies?
Our “Update Resume” Feature allows you to send your candidates a link they can use to access all the information you have stored about them.
Candidates will now also have the ability to edit, update and rectify any missing or incorrect or outdated information that has been stored about them.How Routplaner complies?
With our “Update Resume Feature,” you can send your candidates a link that they can use to update their information or resume/CV.
Candidates will be able to request the organizations to delete their personal data or submit a “request to be forgotten” at any time if they no longer want their data to be stored or processed.How Routplaner complies?
If a candidate or client requests that you delete their information, you can simply select their record in Routplaner and click on delete. We erase the record and all associated files immediately.
Individuals have the right to request a restriction on the processing of their personal data, pertaining to certain conditions or circumstances. When processing is restricted, data controllers are permitted to store the personal data, but not use it. An individual can make a request for restriction verbally or in writing. Organizations will have one calendar month to respond to the request for restriction.How Routplaner complies?
If a candidate asks you to not delete but restrict their profile. For example, keep it in your system but not send them messages about new opportunites or send their profile to hiring managers. To help you stay compliant, Routplaner lets users tag candidates so that they are no longer sent to hiring managers or contacted for open job opportunities.
Individuals have the right to transfer data from one electronic processing system to and into another electronic processing system at will, and if requested, companies have the new GDPR standard of 30 days to comply to the request. For eg: switching from one social network to another or from one cloud provider to another.How Routplaner complies?
To extract your data from Routplaner, Click on Admin setting on the left side bar and go into Account, here you can click on the “Export Data” and you will be able to download a zip file with all your data.
Under GDPR, candidates have the “right to object” i.e the data controllers can say that they no longer want the personal data processing to be carried out. In practice, the data subject can exercise the right to object more so with things related to direct marketing.How Routplaner complies?
We let users tag & filter candidates & contacts that don't want to receive emails. This allows candidates and clients to opt-out from any communication from the recruiter.
GDPR has provisions on making a decision based solely on automated means without any human involvement. And also automated processing of personal data to evaluate certain things about an individual i.e profiling. Profiling can be part of an automated decision-making process. GDPR applies to all automated individual decision-making and profiling.How Routplaner complies?
All activity in Routplaner, from the submission of eligible candidates to job openings to emailing contacts is done by a ‘human' user who makes the decision to perform that specific action.
In case your data is stolen or lost, and if the concerned data breach could harm you, then it is the job of the data processor to inform you about the data breach without any undue delay. In the light of recent malware attacks like WannaCry, Meltdown this right is of utmost importance to the individuals.
As a software company, we take our customers data and its security very seriously. All your data is encrypted and stored in world class data centers managed by Amazon Web Services (AWS). We also use many services provided by AWS to ensure that data is frequently backed-up and available.
We have implemented dozens of changes and taken lots of steps in order to help you embrace changes brought about by GDPR, as easily as possible, while continuing to focus on our mission of making recruiters lives simpler with awesome software.
This information should serve as background information to help you understand how Routplaner has addressed some important GDPR requirements, that you are legally obliged to comply with, under EU laws.
If you have any queries, you may send them to email@example.com
Last updated 18.05.2018