Is your recruitment team prepared for GDPR compliance?
GDPR kicks in on May 25, 2018 – What do I need to know?
The GDPR (General Data Protection Regulation) is an important piece of legislation designed to strengthen and unify data protection laws for all individuals within the European Union. The regulation will become effective and enforceable on May 25, 2018.
The GDPR regulates the processing of personal data about individuals in the European Union including its collection, storage, transfer or use. It gives data subjects more rights and control over their data by regulating how companies should handle and store the personal data they collect. The GDPR also raises the stakes for compliance by increasing enforcement and imposing greater fines, should the provisions of the GDPR be breached.
Here are some of the key changes to come into effect with the upcoming GDPR:
- Expanded rights for individuals: The GDPR provides expanded rights for individuals in the European Union by granting them, amongst other things, the right to be forgotten and the right to request a copy of any personal data stored in their regard.
- Compliance obligations: The GDPR requires organizations to implement appropriate policies and security protocols, conduct privacy impact assessments, keep detailed records on data activities and enter into written agreements with vendors.
- Data breach notification and security: The GDPR requires organizations to report certain data breaches to data protection authorities, and under certain circumstances, to the affected data subjects. The GDPR also places additional security requirements on organizations.
- New requirements for profiling and monitoring: The GDPR places additional obligations on organizations engaged in profiling or monitoring behavior of EU individuals.
- Increased Enforcement: Under the GDPR, authorities can fine organizations up to the greater of €20 million or 4% of a company’s annual global revenue, based on the seriousness of the breach and damages incurred. If you are a company outside the EU, you should still be aware of this. The provisions of the GDPR apply to any organization that processes personal data of individuals in the European Union, including tracking their online activities, regardless of whether the organization has a physical presence in the EU.
What changes has Jibe made to be GDPR compliant?
We have taken serious steps across the company to ensure we will be ready for the GDPR. Jibe has performed data privacy assessments to map the collected data to controller or processor roles with our customers. Additionally, we are working with 3rd party partners to ensure they are similarly compliant within the processor or sub-processor roles.
Jibe is adding consent interfaces for the collection of personal data, along with self-service interactions for job candidates to manage their GDPR rights relative to the personal data. Jibe is also updating policies and procedures to fully prepare for GDPR management and reporting.
If you have additional questions around what GDPR means for you or your organization please contact firstname.lastname@example.org for further details.