As a customer-first organization and best-of-breed recruitment technology provider, we are committed to securely protecting our customers’ data and privacy. We have a comprehensive initiative to ensure compliance and will continue to enhance our existing data privacy and protection infrastructure. We are also developing tools and processes that will enable customers to use JazzHR to assist in their own GDPR compliance efforts.
We are at the height of the digital age, and almost every company, across all industries, is collecting some form of consumer data. However, collecting enormous amounts of data on individuals – from email addresses for marketing materials to tracking consumer buying habits – brings along multiple concerns, especially around ethics and security.
The European Union has identified these concerns and has put a new regulation, the General Data Protection Regulation (GDPR), in place to protect its citizens. On May 25, 2018, the new legislation goes into effect and will be strictly enforced, setting the new standard for consumer rights regarding the protection of their data.
What does the GDPR cover?
The GDPR regulates the processing of data for EU individuals, which includes collection, storage, transfer, or use. Any organization that processes personal data of EU individuals is within the scope of the law, regardless of whether the organization has a physical presence in the EU. It is important to note that the GDPR concept of “personal data” is very broad.
For companies subject to GDPR, the compliance requirements for processing data are significant, including:
- Gathering and using email addresses
- Documenting internal processes to stay GDPR compliant
- Conducting a Data Privacy Impact Assessment for new technologies
- Mandating that certain types of businesses hire a Data Privacy Officer
- Creating privacy policies and compliant contract terms
- Reporting obligations when a data breach occurs
What is Personal Data?
Any kind of information that can be used to identify a person – like a candidate’s name, email address, social networking posts, and even down to information as granular as their computer IP address.
What Does This Mean For Employers?
The new regulation will affect any organization that stores and/or processes the personal information of EU citizens. There are three levels of GDPR classifications you should be aware of that cover everything from data security to data control and governance.
| Data Subjects | Data Controllers | Data Processors |
|---|---|---|
| Ex: The candidates you recruit | Ex: Your organization | Ex: JazzHR |
How to Comply
- Determine the legal basis for collecting the information and be fully transparent with the types of data and what specifically will be done with that data.
- Only use the data for what you originally intended – you cannot recycle the information for marketing emails or to sell to third parties.
- Be mindful about the amount of data you are collecting – only collect the personal information you need to complete the task at hand. For example, if someone is applying for a job, only collect the basics needed to accurately fill out the application.
- Keep your records up to date – outdated information on candidates can be considered a violation. While you have the data, ensure that it is secure at all times.
- Don’t keep the data for extended periods of time. This goes hand in hand with the statement above. While there is no designated expiration at this time, be wary about the data’s “shelf life”.
JazzHR's Approach to GDPR
Building on our existing data-privacy and security infrastructure, we will support our customers in their GDPR compliance efforts with a combination of new features and in-app best practice guidance.
While JazzHR has few new requirements for GDPR, many of our existing feature sets can help customers meet their own requirements. For example, our bulk actions feature can perform mass deletion of candidate data, our custom questionnaires feature allows for easy collection of consent, our candidate export provides data subject records in CSV format, and workflow triggers enable the sending of additional information related to the data subject's rights immediately upon application.
JazzHR Features and Functionality to Support GDPR:
- Secure Job Board Pages: Customer job boards will default to HTTPS by May 22, 2018
- Bulk Deletion: Our bulk actions feature can be used to delete candidates whose records have been deemed no longer relevant
- Application Disclaimer: Customers can set a default application disclaimer, which is applied to all of their job applications, informing candidates of how they handle their personal data and their data retention policies
- Customer Data Deletion: When customers cancel their JazzHR account, their data may be deleted from JazzHR’s systems in accordance with our Terms of Service. Request deletion of your account by emailing firstname.lastname@example.org.
If you'd like to learn more about using JazzHR’s features to help manage your compliance efforts or if you have questions, please reach out to us at email@example.com.
In order to request the deletion of your JazzHR data, please have your Account Owner email firstname.lastname@example.org and request the deletion.