This page was last updated on May 16th, 2018.
What’s the GDPR?
The GDPR (General Data Protection Regulation) is a new EU Regulation which will replace the 1995 EU Data Protection Directive (DPD) to significantly enhance the protection of the personal data of EU citizens and increase the obligations on organizations who collect or process personal data. It will come into force on 25th May 2018.
The full text of the GDPR can be found here.
Does the GDPR apply to me?
While the current EU legislation (the 1995 EU Data Protection Directive) governs entities within the EU, the territorial scope of the GDPR is far wider in that it will also apply to non-EU businesses who a) market their products to people in the EU or who b) monitor the behavior of people in the EU. In other words, even if you’re based outside of the EU but you control or process the data of EU citizens, the GDPR will apply to you.
Are there penalties for non-compliance with the GDPR?
Yes. Organizations that fail to comply may face penalties of up to EUR 20m or 4% of global annual turnover (revenue) in fines, whichever is higher.
How is 50skills preparing for the GDPR?
We’ve updated our product:
- We now automatically delete candidates’ personally identifiable information within a set timeframe. Timeframes can be shortened or lengthened.
- We give you the ability to delete a candidate’s data with the click of a button placed in each candidate’s profile in your instance of 50skills.
- We made sure that even if personal data is deleted, anonymized information still exists to generate reports on conversion and other key general statistics (e.g. it is OK for a company to know how many job applications come in every year, but not OK to know the personal identity of those applicants after they applied).
- We added the ability to give users access to their personal data upon request in a portable format. If a user asks any of our clients for a copy of their data, we can provide this in a timely manner in a portable format. We never include sensitive notes or ratings on a candidate in such a submission, unless specifically told to do so by our customers.
We’ve updated our Data Processing Agreements
Strong data protection commitments are a key part of GDPR’s requirements. Our updated data processing agreement shares our privacy commitments and sets out the terms for 50skills and our customers to meet GDPR requirements. This is part of our master subscription contract made with all customers. Tailor-made Data Processing Agreements are also available on request.
We’ve taken new security measures
Security is a priority for us and we have a dedicated security team. We have appointed a Data Protection Officer, whose job is to ensure that your and your customers’ personal data is kept safe. We have regular external vulnerability scans and penetration tests.
We’ll keep sharing information on our progress, and we’ll also help our customers and prospective customers be compliant. Some steps you can take are:
- Get familiar with the GDPR requirements and how they affect your company.
- Review how you process and store data.
- Consider how you can leverage 50skills to help with your GDPR compliance. Deep-dive sessions are available upon request.
- Chat to your lawyer about what your company needs to do.
Feel free to reach out to us if you have any questions about the GDPR – we would love to talk!