The General Data Protection Regulation (GDPR) is a new legal framework that comes into effect on 25th May 2018 in the EU. It will replace the current UK Data Protection Act 1998 and, for recruiters, change many of the rules around storing and processing candidate data.
We know that many companies are thinking about how they adopt GDPR. It’s important to remember that GDPR isn’t just about candidate data, it applies to any data you store or process about any European citizen. If your company does not comply, you may be fined up to €20m or 4% of your annual global turnover.
Here at Tribepad, we’ve been preparing for GDPR for a while. We’ve already looked at how we can help our customers adapt to and comply with the new legislation to avoid any penalties. Here’s what we’re doing and how it will help.
How Tribepad is preparing for GDPR
In preparation for GDPR, we are implementing some additional features and functionality to help make sure our customers can comply. More importantly, these changes ensure candidates have control over their own data.
Here are some of the things we are already working on and will implement in Tribepad ATS over the next couple of months.
- Candidates will be able to delete their own profile*
- Recruiters will be able to delete candidate records without raising a ticket.
- If you pass candidate data to a third party supplier, for things like skills testings and background checks, candidates will be able to opt-out and withdraw.
- When your ATS auto-suggests candidates to recruiters, those candidates will be able to opt out.
- Candidates will be able to opt out of receiving emails from recruiters for other opportunities, including CV searches and unsolicited communications.
- Candidates who were referred by other candidates but have not created an account will be able to remove their email address from the system.
We’re also going to introduce the following measures to make sure that candidates are aware of and able to manage changes to their information. Here’s what we are currently working on.
- A third-party notification system to request personal or identifying data that can be removed on request.
- A new process that allows candidates to reject an import request from a third-party system, such as Broadbean. The candidate will be asked to confirm their consent, which will then be recorded.
- An updated process for creating passive candidates, so that they are always informed when their details have been added. They will be asked to consent to or reject the request.
- A process for agency candidates – similar to the one described for passive candidates – where they are asked to give explicit consent and able to remove their details.
Finally, we are also developing new features for Tribepad ATS that will help customers with data retention rules and protection reports.
- Customers will be able to configure their own data retention rules, where they currently need support from the Tribepad team.
- Customers will be able to create new data protection reports, which will show details including how many candidates are X days old, how many are pending authorisation, and which candidates have profiles that they did not create themselves.
All this is coming before GDPR comes into force on 25th May 2018. We’re working hard to make sure all our customers are ready and have everything in place to be compliant. We’ll keep you regularly updated as the deadline approaches.
Learn more at our GDPR webinar
Want to find out more about GDPR and how it affects your recruitment processes? Join us for a one-hour webinar session and Q&A on 14th March 2018, 11:30am–12:30pm, where we will tell you everything you need to know. You can register your place on Eventbrite now, but be quick because spaces are limited.
* without asking you to do it for them. This feature will be optional for customers so please let us know if you want this turned on.