It has been said that GDPR is about risk management.
The best form of risk is no risk. That’s why we have removed all the risks that managing data via websites brings, and have done so more effectively than any other vendor.
We have worked directly with the ICO, and other recognised GDPR experts for the recruitment space, to validate our approach to GDPR. We are pleased to say that we passed with flying colours, but we are ready for further change as the law evolves.
We act as a ‘data processor’ for our clients and have prepared our websites to accommodate your needs to process data in line with the requirements of GDPR. Our systems have taken a strict ‘privacy by design’ approach. Minimal data is taken through the RecruiterWEB system to meet all parties’ needs, and the information is kept on our platform for the minimum period needed to complete functions like applying for jobs, setting job alerts, and entering timesheets, etc. (an average of 3 seconds).
All data is sent by secure methods with recognised encryption standards to our clients. Once the data has been received by your chosen end system (your ATS or job posting partner, etc.), it is securely deleted from our systems. Furthermore, the data is processed at a code level with no human intervention or access by RecruiterWEB staff during general site operation.
If you are looking to process ‘consent’ via your website, then there are features we can provide. However, we also work with a third-party software vendor that specialises in ‘consent’ within the recruitment space. The principal value of a third-party system for ‘consent’ is that you will meet the requirements of the ICO and GDPR to keep your ‘consent’ process separate from any other method. They will also not bend their rules to suit our or any other system.
If you favour the ‘legitimate interest’ path, then our websites are set up in default mode to process personal data in line with ‘legitimate interest’ principles.
GDPR and your candidates, clients, and suppliers
We have tools and features that permit your clients, candidates, and suppliers to deal with SARs (subject access requests), requests to be forgotten, etc.
We have collaborated with a team of GDPR experts who have recruitment-sector knowledge. Along with our expertise and your own, we can create a team that can ensure you are compliant while still being able to trade and flourish under GDPR.
Employees and supply chain
Our employees have been trained in the relevant aspects of GDPR and data privacy, etc., and we are seeking qualifications under Cyber Essentials.
The servers we operate are based in Germany, and the supplier has been vetted for GDPR compliance. In Germany, the DPO has to be qualified, and the vendor we have partnered with for the past nine years has been through staff training for GDPR, and its DPO is qualified.
We are insured with Hiscox, a respected name in the business insurance market. As more protections come to market in terms of insurance that relate to GDPR exposure, we will take on the relevant cover. For now, we have professional indemnity insurance, public liability insurance, employers’ liability insurance, and cyber and data risks insurance.