General Data Protection Regulation
On 25 May, 2018, the General Data Protection Regulation (GDPR) will take effect in the European Union (EU). GDPR will impose strict controls on how all organisations collect and process personal data within the EU and/or personal data of EU citizens.
The regulation outlines six key points for organisations that process individuals’ personal information. Data must be:
- Processed lawfully, fairly and transparently
- Collected for specified, explicit and legitimate purposes
- Adequate, relevant and limited to what is necessary for processing
- Accurate and kept up to date
- Retained only for as long as necessary
- Processed in an appropriate manner to maintain security
Information Request Tool
Streamlines and automates the process of collecting information from candidates. This can be used to confirm consent with regard to the GDPR.
Prevent users from editing or deleting notes once they have been created, ensuring the integrity of your database. This stops unauthorised users from editing or deleting important information - such as GDPR consent.
Sent Document History
Easily track documents which have been sent from the system, including when and to whom they were sent. If you receive a SAR (subject access request), you will have the data easily available.
Export all of your data, at any time, from within the system in CSV format. This allows you to comply with data portability and information requests.
Right to be Forgotten
When records are deleted, all associated data is also permanently removed (including documents, notes, emails, etc.). A record of the action is also added to the system log, providing you with an audit trail.
Processing of Data
Recruit So Simple acts as a data processor on behalf of our customers. As a customer of Recruit So Simple you are entering into an agreement which gives us a legitimate basis to process your data (in line with GDPR requirements).
The security of customer data has always been, and always will be, taken extremely seriously. Our infrastructure is hosted by Amazon Web Services (AWS), which provides industry-leading security and has a long list of internationally recognized certifications and accreditations including: ISO 27017 for cloud security, ISO 27018 for cloud privacy, SOC 1, SOC 2 and SOC 3, PCI DSS Level 1 and many others.
All customer data is backed up at regular intervals and stored in two alternative locations within the EU at all times, as per AWS recommended guidelines. Finally, security and performance tests are carried out at regular intervals to ensure the smooth running of the service.
Along with a standard username and password, all customer databases can be secured with additional layers of security including: 2-Step Authentication, Access Control Lists, and use of the in-built comprehensive Permissions System. All customer data can be exported at any time from within the system by an authorised user. Finally, there is a detailed system log which provides an overview of activity on the database for auditing and security purposes.
Recruit So Simple operates a support ticket system which is built directly into the database. All account enquiries require a support ticket to be opened by an authorised user. The ticket system is used to confirm the authenticity of the request and to protect the customer’s account and data. Recruit So Simple will refuse to discuss or provide information about an account until this has been done.
In the unlikely event of a data breach, Recruit So Simple has strict procedures in place to report this to customers, and the ICO within 72 hours of discovery.
Recruit So Simple does not share customer data with any third parties without express written permission.