How Do I Set Up iSmartRecruit for GDPR Compliance?

About GDPR

The General Data Protection Regulation (GDPR) is a major regulation in EU law on data protection and privacy for all individuals within the European Union. The GDPR aims primarily to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.

Terms in GDPR

The following are the key terms used in GDPR.

1. Data subjects
   It would mean candidate information in general. And "personal data" would be any information that can be used to identify the data subject. This includes the candidate resume, name, email, contact number, address, etc.
2. Controllers
   It decides the purpose of personal data processing like for which job personal data will be used and the means to do that. Controllers could be direct employers or staffing agencies. 
3. Processors
   It would be a talent acquisition tool or ATS or any legal entity that processes personal data on behalf of a controller.
4. Processing
   It would mean any activity executed on personal data, such as store information, update information, delete information.

Changes iSmartRecruit is initiating for making it GDPR compliant

We are implementing changes throughout the system to ensure the customer that iSmartRecruit is fully ready to tackle any changes that need to be made to make it GDPR compliant.

Our team is actively working on building the policies and services to make iSmartRecruit GDPR friendly. We are reviewing our data and prioritizing any changes that need to be made in advance of the GDPR before GDPR comes into act.

Here are some of the ways iSmartRecruit is making its customer GDPR ready

System Configuration - GDPR Compliance Setting

In the system configuration screen of iSmartRecruit, there will be an option to enable the GDPR Compliance. Once you enable this option, the system will take care of necessary information and actions which are necessary for GDPR Compliance like candidate consent, candidate rights, etc. 

In the same configuration, the administrator can configure the default consent validity period also. Once the candidate provides the consent, the system will calculate the consent expiry date based on the consent validity period. 

Applicant - Terms & Conditions

The recruitment agency or direct employer can frame the terms & conditions and configure that in the system configuration. Whenever any applicant submits the profile, the applicant has to accept the terms and conditions. We advise to include all necessary clauses in terms & conditions to safeguard your interest concerning GDPR. You can also include terms about consent from the applicant to use his/her personal data for the necessary purpose and consent last for. 

Here is the configuration screen:

An applicant can see the terms & conditions in the following way:

Report

We will add a report to identify the following.

     - Candidates for which consent already expired

     - Candidates for which consent is about to expire

This report helps the user to identify the candidates who are eligible for consent renewal, and the user can directly send mass emails to them to renew the consent. 

Additional attributes of Candidate Information

The system is going to capture the following additional information concerning candidates.

     - Consent issued date

     - Consent expiry date

Candidate Consent Status

The system will display the consent status of the candidate in the Candidate Search screen. The status could have one of the following values.

     - Consent Expired

     - Consent Issued

     - Consent Requested

Our goal is to ensure that consent information is visible to team members when they're interacting with candidates, so they can avoid non-compliant actions, like reaching out to a candidate who did not consent to contact. 

Candidate Search

There will be additional criteria in the system to filter candidates, which are with the consent and without/expired consent. A user can do necessary mass emailing to candidates whose consent has been expired or not taken.

Candidate Information

When you open a dialog to view the candidate information, the system is going to show the status of consent.

Record Audit Trail Information

When the candidate approves the consent request, the system is going to store the IP address, browser, country, etc. of the candidate as audit trail information. This information will not be displayed anywhere in the system, but it will be available on request to support.

Candidate Access

You can provide access to the system to the candidate and allow the candidate to execute the following rights which are provided under GDPR. 

     - Right to be forgotten

     - Right to change the information

     - Right of access

     - Right to move data 

Additionally, we will provide an interface to give consent to use personal data. Once they provide consent the system will record this action and set up the consent expiry date as well. 

Dashboard Widget

We will add a new widget in a dashboard, which gives you an overall summary of candidate consent status. The widget will have the following information. 

     - Total Candidates with Consent

     - Total Candidates with Expired Consent

     - Total Candidates without Consent

     - Total Candidates with Pending Consent

iSmartRecruit Terms & Privacy Policy

We will update our terms of use and privacy policy to fully comply with the GDPR terms.

If you have any questions or queries regarding the content you can email us at [email protected]. We would be happy to help and our suggestions are more than welcome.

Self Service Portals give you the freedom to manage GDPR stuff

GDPR related stuff is very crucial to handle. Self Service Portals give the freedom to Candidates to handle the GDPR Compliance their own way.

• They can also erase the consent request. They can update the status of consent
• Candidate can use a self-service portal to give an update consent period.

Please do share our blog on your social network.