What is GDPR?
The General Data Protection Regulation (“GDPR”) is a legal framework that sets guidelines for the collection and processing of personal information from individuals who live in the European Union (“EU”)*.
The GDPR effectively extends the reach of the European Union’s data protection laws and establishes many new requirements for organizations that fall under its scope. Companies in and outside of the EU must make sure they comply with the GDPR when processing personal information of EU residents.
In essence, GDPR demands that data controllers and processors provide greater transparency to EU residents as to how their personal data is collected and processed. Furthermore, such data collection must be done in a lawful and fair manner and certain rights must be provided to data subjects. Entities may face harsh penalties for violations of GDPR obligations.
* The EU GDPR does not apply in the UK after the end of the Brexit transition period on December 31, 2020, but the essence and principles of EU GDPR remain the same in the UK General Data Protection Regulation. For the purpose of this Article, the term “GDPR” refers to both EU GDPR and UK GDPR, and EU personal data includes UK personal data.
What steps does hireEZ take to comply with GDPR?
hireEZ values consumer trust and is committed to GDPR compliance.
GDPR requires that personal data "may only be collected for specified, explicit and legitimate purposes and must not be further processed in a manner that is incompatible with those purposes." hireEZ and our customers, as data controllers, will therefore need to pay extra attention to what personal data is being stored - and why. Neither hireEZ nor our customers will store personal data that is not necessary or justifiable for the purpose of employee recruitment and providing such services, or use it for other purposes. In order to comply with GDPR, hireEZ has instituted the following:
- hireEZ appointed a Data Protection Officer (DPO), who is involved properly and in a timely manner in all issues related to the protection of personal data and reports to the highest management at hireEZ.
- When consent is the legal basis relied on, the hireEZ platform includes a "consent" mechanism to collect proper consent from data subjects. GDPR requires that consent be freely-given, specific, informed, unambiguous and given via a clear affirmative action. Single opt-in methods, pre-ticked checkboxes, or "implied consent" do not meet these expectations. In addition, users are informed that the consent can be withdrawn at any time.
- hireEZ provides a portal on our website where data subjects can submit requests to exercise their rights with respect to their data, such as access, removal, and correction.
- hireEZ documents the locations where personal data, flowing to and from the EU, is located, processed, stored, or transmitted.
- hireEZ conducts Data Protection Impact Assessments (DPIAs) where required under GDPR.
- hireEZ enhanced its ability to identify and report data breaches. GDPR requires us to report any breach to the GDPR supervisory authority and the appropriate controller when hireEZ is acting as a processor, without undue delay, and where feasible, no later than 72 hours after having become aware of the breach.
An additional FAQ on GDPR is here.
GDPR Profiles in hireEZ - When Consent is the Legal Basis for Processing Personal Data
When you do come across a yellow notice, it means you need to collect consent from the candidate first in order to view their contact information. Clicking the blue link will send a consent request to the candidate.