The rules around data collection and processing changed in May 2018 with the introduction of the General Data Protection Regulation (GDPR). If you use software for your recruitment processes, it is vital that your use of it is compliant with GDPR. The following are three steps to ensure that it is.
- GDPR compliant recruitment software is secure
There are several ways in which you can check that your software is secure. Security is not just about access to information, but also about the editing, removal and sharing of information. GDPR compliant recruitment software will be fully auditable; every entry and deletion will appear in an audit trail with the ID of the user who carried out the task, together with a date and time stamp.
Logins must be password protected as standard, with a requirement for users to change their passwords regularly. Software can be made more secure by restricting access by user ID. For example, some users will only be able to view the records relevant to them and may not be able to edit at all, whereas other users, such as HR, will have a broader view of the records in the system and greater editing privileges. Documents created in the software and sent on can be tracked and traced within the system, ensuring not only that the document flow is secure, but that work is completed on time and is not duplicated at any point.
- Appropriate collection, storage and use of data
Data should only be used for the purposes for which it was collected and should not be stored for longer than is necessary for that purpose. For example, if you have collected data on an individual as part of a recruitment process and they are not shortlisted for interview, the data collected on them must be deleted unless they have agreed for their details to be kept on file for a further period in case a suitable role becomes available.
GDPR compliant recruitment software can be set up to follow data retention rules and automatically delete information when it falls outside these rules. The software can also ensure that correct wording is used when obtaining consent from data subjects on the use and retention of the data collected from them.
- Accurate and adequate data
The software can automatically assign review dates for information held in the system, prompting the appropriate staff to review the information which is held and determine whether it should be deleted or if it can be retained. The software can also help users by explaining legitimate reasons for retention which are GDPR compliant, as well as reasons why information should be destroyed.
The General Data Protection Regulation can be complex to navigate and comply with, so choosing a software package which is set up to be compliant will greatly assist you in fulfilling your duties and collecting data safely and legally. Ensure that the above three areas are considered in choosing and setting up your recruitment software in order to protect your organisation.