Talent Rover's Commitment to Data Privacy and the GDPR
Uniform data protection for the EU has arrived. The new EU General Data Protection Regulation (GDPR) is the most significant European privacy legislation since the release of the 1995 EU Data Protection Directive (European Directive 95/46/EC). These new privacy laws create uniform data protection law across Europe and strengthen the individual rights that EU citizens have over the use of their personal data.
As a data processor, Talent Rover will comply with all applicable GDPR regulations well before the enforcement date of May 25th, 2018. Working in conjunction with data privacy experts, our internal staff, and our clients' personal feedback, we will implement new compliance functionality within our service offerings to help our customers meet their GDPR obligations in a straightforward and efficient manner. Furthermore, we are also working with our trusted partners to offer new third-party products that make compliance seamless and worry-free.
As part of our core trust principles, Talent Rover will continue to make product changes to adapt to the new legislative requirements and keep our customers, partners, and the regulatory authorities informed on our strategies throughout this process. Talent Rover has voluntarily assigned a Data Protection Officer to work with our Compliance and other cross-functional teams to continually monitor the GDPR as it becomes more clearly defined by the regulatory bodies who will be enforcing it.
To learn more about how GDPR impacts the staffing and recruitment industry, as well as how Talent Rover is helping our customers manage their compliance, click here.
Last Updated February 5, 2018
Who is affected by the GDPR?
Data Subjects: The GDPR's core principles are focused on strengthening and protecting the rights of individuals who are citizens ("natural persons") residing in the EU and who have supplied their personal data for any business transaction.
In Talent Rover, Data Subjects are your Candidates, on whom you collect information, whether by parsing in a resume, sourcing their information from publicly accessible websites, or other means. Data Subjects are also your Accounts where you are trying to place these candidates.
Data Controllers: The GDPR defines a Data Controller as the entity that determines what type of personal data is required and how or why personal data is used.
As a Talent Rover customer, you are the Data Controller because you determine the information you collect, the purpose you use it for, and the reason you are collecting information from Accounts and Candidates.
Data Processors: The GDPR identifies Data Processors as all entities that process data on behalf of a data controller as directed by the data controller. The definition of “data processing” is quite broad and includes actions such as organizing, retrieving, recording, etc.
Talent Rover is your Data Processor, as our platform serves to process the data you control and instruct us to collect as part of your business process.
Data Processing Obligations:
Under the new GDPR principles, data processing obligations are no longer the sole obligation of the data controller. This duty is now shared between the Data Controller and the Data Processor. Both the Data Processor and the Data Controller have separate obligations they must be compliant with. Below we have provided a high-level summary of these obligations, but we recommend you familiarize yourself with the recitals in the GDPR here: https://ico.org.uk/for-organisations/data-protection-reform/
Your obligations as the customer:
- Privacy by Design
- Data Minimization
- Appointment of Data Protection Officer
- Written Data Processing Agreement for Data Processors
- Data record keeping and maintenance
- Reporting of Data Breaches and notification to Data Subjects without Undue Delay (72 Hours)
Talent Rover's obligations:
- To act only as the Data Controller requests (typically, as the Data Processing Agreement states)
- Impose confidentiality on personnel processing data and ensure confidentiality of data processing activities
- Implement measures to assist data controllers with compliance
- Return or destroy personal data at Data Controller's request or end of service
- Provide Data Controller the information necessary to demonstrate GDPR compliance
- Only appoint new Sub-Processors of data with the permission of the Data Controller
- Actively maintain records of data processing
- Continue to implement measures for data security and data protection
- Appropriate measures for cross-border data transfers
Please check back soon for more information about Talent Rover's progress in its GDPR initiatives. For more information about the GDPR in general, please check out the Information Commissioner's Office website at https://ico.org.uk/for-organisations/data-protection-reform/
As part of our commitment to providing the highest security, availability, and confidentiality for clients, Talent Rover also undergoes an annual SOC 2 Type 2 Audit. For more information about Talent Rover Compliance or a copy of this audit report, please contact firstname.lastname@example.org.