Since June 25, 2018, the EU General Data Protection Regulation (GDPR) has been in force. Anyone who violates it will have to reckon with high penalties. What must recruiters note?


GDPR in relation to HR

The General Data Protection Regulation affects the entire processing of personal data in companies. With the entry into force of the GDPR, recruiters are obliged to record all processing activities. Using an applicant management system, all necessary processes can be automated and the data can be stored and managed centrally in one place. In addition, the data protection-compliant handling of all data is completely verifiable.

Nevertheless, you must ensure the admissibility of the data processing through technical or organizational measures, make sure the technology is designed in a data protection-friendly way, be able to assess data protection consequences, and report data protection violations. Find out in the checklist whether you have thought of everything. In summary, six principles must be observed when handling applicant data:

  1. Transparency: Data must be processed in a manner that is comprehensible to the data subject.
  2. Purpose limitation: Data from an application may only be used as part of the application process and must be deleted after completion.
  3. Data minimization: Only data necessary for the purpose of the data collection, i.e. for the recruitment process and the candidate selection, may be collected.
  4. Accuracy: All data provided must be correct and up-to-date at all times.
  5. Storage limit: Data may only be stored for as long as necessary.
  6. Confidentiality: The security of personal data must be guaranteed. This includes protection against unauthorized or unlawful processing and against unintentional loss, accidental destruction or accidental damage through appropriate technical and organizational measures.

1. Store data within the EU


Without your own IT system, compliance with the new legislation is hardly possible. Anyone who commissions a provider should ensure that the provider and its third-party providers store the data in the EU, preferably in Germany. In addition, only the data that is necessary for the provision of the service should be transmitted. Check which service providers and which software (e.g. an applicant management or CRM system) are used to process personal data. The contracts for order processing should be adapted to the new regulations of the GDPR. Ideally, the service provider supplies a new order processing contract that you as the customer simply accept, thereby securing yourself.

It is even better if your supplier is ISO 27001 certified. This ensures that the entrepreneurial and legal requirements are met. Be aware of the scope of a certification, and verify that all processes of the vendor that processes your data are certified, not just the data center.

2. Have the data protection declaration accepted in a verifiable manner

Candidates are to be asked to accept the data protection declaration from May 25th. In an IT system, this can be solved by requiring candidates to actively agree to the data protection declaration via a checkbox even before sending their application. It must contain:

For the greatest possible transparency, I recommend resending the link to the privacy policy together with the confirmation of receipt. The easiest way to do this is via a correspondence template in the system.

But what about applications sent by email? In that case, you should email the interested party in advance and ask them to transfer the data to the applicant management system.

Incidentally, the consent to the data protection declaration also applies to employee recommendations: if these are not made using a separate tool, the employee who passes a friend's application directly to the HR department must be able to prove the friend's consent. Otherwise the HR department may not accept the documents.

3. Restrict view privilege


Make sure that the view permission for applicant data is always restricted. The data may only be accessible to those who are also involved in the application process, such as the HR administrator or the works council.

However, if you leave the drive open to others, leave applicant documents on the desk, or share a calendar with other colleagues in which job interviews are noted by name, you disclose the identity of applicants and clearly violate data protection. If you use an applicant management system, the inspection of documents can be controlled with a role and rights concept. But be careful: never pass on login data!

4. Delete data

In future, it must be proven that data is deleted after a certain period of time. However, there is still no legally binding definition of these periods. At our customers, deletion after four to six months has proven itself. In any case, the data will be retained until the end of the two-month period for filing a complaint of discrimination, in order to be able to refute accusations of discrimination in case of doubt. An automated deletion period can easily be implemented in the system.

In addition, I recommend that recruiters include the reference to data deletion directly in the rejection letter in order to anticipate queries from applicants.

5. Applicant pools must also be compliant

Candidates who do not match the advertised position, but are considered for another position at a later point in time, can be saved in an applicant pool. The objective of an applicant management system is to support the application process and the selection with IT and to make the work processes largely automated and efficient.

The application management system allows in detail:

But: the candidate must be asked in advance whether he also explicitly agrees to be included in the pool and thus to longer-term storage. In addition, he must be informed about the associated deletion deadlines.

It is advisable to use an automatic mechanism that reminds the HR department in good time to seek renewed approval for further storage in the pool. At the same time, it is also possible to query whether the data is still up-to-date (principle: accuracy).

6. Privacy also applies to employees

What applies to applicants also applies to employees. Many companies use pictures of their employees in their external presentation. A general authorization is not enough here. Employees must agree individually for each channel of use (website, social media, posters, e.g. for trainee campaigns, etc.).

Clarification

Due to an editorial error, references to services were incorrectly contained in the first version of this article. However, since this article is a neutral technical contribution, these advertising elements have been removed. We apologize.

