What is GDPR?
The General Data Protection Regulation (“GDPR”) is a legal framework that sets guidelines for the collection and processing of personal information from individuals who live in the European Union (“EU”)*.
The GDPR effectively extends the reach of the European Union’s data protection laws and establishes many new requirements for organizations that fall under its scope. Companies in and outside of the EU must make sure they comply with the GDPR when processing personal information of EU residents.
In essence, GDPR demands that data controllers and processors provide greater transparency to EU residents as to how their personal data is collected and processed. Furthermore, such data collection must be done in a lawful and fair manner and certain rights must be provided to data subjects. Entities may face harsh penalties for violations of GDPR obligations.
* The EU GDPR does not apply in the UK after the end of the Brexit transition period on December 31, 2020, but the essence and principles of EU GDPR remain the same in the UK General Data Protection Regulation. For the purpose of this Article, the term “GDPR” refers to both EU GDPR and UK GDPR, and EU personal data includes UK personal data.
What steps does hireEZ take to comply with GDPR?
hireEZ values consumer trust and is committed to GDPR compliance.
GDPR requires that personal data "may only be collected for specified, explicit and legitimate purposes and must not be further processed in a manner that is incompatible with those purposes." hireEZ and our customers, as data controllers, therefore need to pay extra attention to what personal data is being stored, and why. Neither hireEZ nor our customers will store personal data that is not necessary or justifiable for the purpose of employee recruitment and the provision of such services, nor use such data for other purposes. To comply with GDPR, hireEZ has instituted the following:
- hireEZ appointed a Data Protection Officer (DPO), who is properly involved, in a timely manner, in all issues related to the protection of personal data and reports to the highest level of management at hireEZ.
- When legitimate interests is the legal basis relied on, the hireEZ platform includes a mechanism to send a "notice" to data subjects, informing them of hireEZ's data collection and processing practices, along with an explanation of the legitimate interests legal basis and of their data subject rights.
- hireEZ provides a portal on our website where data subjects can submit requests to exercise their rights with respect to their data, such as access, removal, and correction.
- hireEZ documents where personal data flowing to and from the EU is located, processed, stored, or transmitted.
- hireEZ conducts Data Protection Impact Assessments (DPIAs) where required under GDPR.
- hireEZ enhanced its ability to identify and report data breaches. GDPR requires us to report any breach without undue delay, and where feasible no later than 72 hours after having become aware of it, to the GDPR supervisory authority and, when hireEZ is acting as a processor, to the appropriate controller.
GDPR Profiles in hireEZ - When Legitimate Interests is the Legal Basis for Processing Personal Data
If you come across a profile whose personally identifiable information is masked, a privacy notice must be sent to the candidate before you can view that information. Any action you take to reveal their contact information (uncovering contact information, sending an email, exporting, or sharing with a hiring manager or collaborators for feedback) will trigger the sending of a privacy notice to the candidate.