We know you’ve probably been waiting for this one for a while. If you haven’t already updated your privacy settings, you better do it before the end of the summer holidays and here’s why. On the 25th of May 2018, the EU General Data Protection Regulation (GDPR) came into effect. Whatever your occupation, you’ve almost definitely been affected by the new regulations. So, what does it all mean for job boards and job board users? Jobboard Finder is here to help understand the implications, consequences and what you should do about it.
In a nutshell, the new GDPR is designed to give people (Data Subjects) more privacy and more control over their own data (in other words, the personal information they share on the internet). To do this, the data companies can collect is regulated, by requiring them to be more explicit about the data usage. Hencefore, companies will need to explain to data subjects what data is being collected, what they intend to do with it and they will need to provide easy acces to the information for the data subjects. But that’s not all: companies also have to give people the right to consent (or decline) to the use of their data. It sounds simple, but it can quickly become a complicated matter.
Why is it important?
Who is directly targeted by the regulation and why is it important for job boards to take it into consideration? The regulation applies to any company that either gathers, processes, or uses personal information. While this is an EU regulation, it also applies to any company who either obtains data from – or transfers data to – entities within the EU. So, Job boards that have jobseekers from the EU or who provide CV database access to EU recruiters are also expected to comply with this regulation. It is important to follow the rules because failure to comply could cost you up to 4% global revenue or €20M (whichever is greater). Also, there is no grace period: if you don’t comply and adapt your job board accordingly, it could cost you.
Before explaining what job boards need to do, we have to understand the terms we’re using:
Data Subjects: The users and customers of companies and organizations whose information is obtained and stored.
Data Controllers: The Data Controller is the person or organization that gathers and uses a Data Subject’s personal data. They decide what information they will use and what they will use it for. The Controller is legally responsible for ensuring that the data is used correctly. They also instruct the Data Processor on what data to process and how to process it.
Data Processors: Data Processors are generally subcontracted organizations that use or process the data according to the instructions of the Data Controller. However they do not technically have control over the data. Generally, the Data Controller has more responsibility for ensuring that the data is obtained and processed legally.
Is your job board in trouble?
Job boards, specifically those that keep a CV database, need to be very much aware of the GDPR because one of their primary functions is to gather and store the personal information of others. However, they need to be particularly wary because it is not always clear whether they are considered a Data Controller or a Data Processor. If a job board provides recruiters with access to its CV database, it becomes a Processor and the recruiter is the Controller of the database. In that case, the job board is less responsible legally for what the recruiter does with the information. However, the CV database provider can also be considered the Data Controller, so you want to make sure you know what is legally expected of you.
Job boards may be required to take certain precautions to protect themselves so that they aren’t held accountable in these instances. To further understand their responsibilities in instances such as these, job boards should seek professional legal advice.
Here are a few tips to stay in the GDPR good books
If you can keep the following keywords in mind, you should be okay:
Awareness: Everyone in the company should be made aware that you are all responsible for the privacy and the security of the customers’ and users’ data.
Transparency: Candidates and job board users should be made aware of what information will be gathered, how it will be processed, what it will be used for and by whom.
Consent: Candidates and job board users should have the option of consenting or opting out of accepting these processes. Furthermore, you’ll need explicit consent to obtain and process sensitive data such as health, family, or biometric information. Finally, consent from a legal guardian must be obtained for individuals under 16 years of age.
Legitimacy: The data you collect and how you process it must be legitimately related to the central functioning of the job board and the services it provides. Furthermore, if anyone in your organization doesn’t have a legitimate need to see the data, they should not be able to.
Right of Access and Right to be Forgotten: Candidates should be able to access and modify their information as needed or requested. They also have the right to demand that their information be deleted which must be done within one month of the request.
Data Protection Officer: Someone with legal and/or technological knowledge should be put in charge of data security. It is their responsibility to ensure compliance with the new regulations and to notify the authorities within 72 hours of a data breach.
Data Protection By default and Privacy by Design: Essentially these terms mean that all personal data or data which could identify an individual must be pseudonymised using encryption. Furthermore, the inscription and decryption must be done within the company, not externally as the encryption keys and the data must be controlled by the Data Controller.
If you use job boards, you’ll be happy to know…
We hope you have found this article “How the General Data Protection Regulation (GDPR) affects Job Boards” useful! Please let us know if you’d like us to cover any specific topics in the Jobboard Finder blog
Source of the GDPR image: convert.com
« A Review of the Craigslist Job board
DICE: Goodbye Germany, Goodbye UK »