So, today is the 25th of May, meaning GDPR comes into effect.
This is why we would like to introduce what we have done to achieve compliance between us and our more than 900 customers, with us being the software supplier in practice. We have worked with two different angles; “Customers & GDPR” as well as “The systems & GDPR”.
Therefore we have developed our systems but also involved our customers in this GDPR process in regards to what you need to pay attention to in the recruitment process in our recruitment system, as well as employees and their data in our HR system – data as a whole.
Customers and GDPR
We have taken following actions between us and the customers, in Danish, Norwegian Swedish and English:
- GDPR webinars
- Data processor agreements
- A GDPR checklist for administrators
- Technical document regarding GDPR
- Quick guide for consent texts and how to implement them
- New consent texts for candidates in the application process
- User seminars and #HRinfront networking events regarding GDPR
- HR Manager & GDPR (FAQ) – (server info, security, ISO certificates)
This will give you insight in what our checklist, which we made for our customers, can be used for. The purpose for us to create this list was clarity and transparency, as an attempt to make the process more “hands-on”.
This has increased the feeling of comfort for our customers as well as having answered a lot of questions about GDPR and our systems.
1. GDPR checklist
1.1 Signing of the data processor agreement
1.2 Read the current consent
1.2.1 Read the current consent at the application form
1.2.2 Read the current consent at the job agent
1.3 Adjust your FAQ on the candidate side
1.4 Who can see what?
1.5 Go through your deletion protocols in ‘Administration’
1.6 Log in options
1.7 Get to know your communication templates
1.8 Communicate internally
1.9 GDPR role/officer
1.10 Consider digital signature
1.11 Stay updated
A data processor agreement must be signed and filled out with the data, you are storing. One per company or one per registration number.
From the 25th of May, we will change the way of giving consent on the candidate’s side.
This is why we are adding the option of three different types of consents.
There will be a new clear consent, which will be directly inserted on the application form.
Attention! You can still formulate your own custom text, if you do not wish to use our standard text.
You can start by applying for a job on your own website – and experience what the candidate experiences. In the bottom of the application, you can see your consent text.
You can start by creating a job agent from your own website – and experience what the candidate experiences. In the bottom, before creation, you can see your consent text.
The candidate can click on ’Help’ and read your FAQ, which can be recommended to use and adjust to your own linguistics. We have made sure there is a standard text as default.
Receive knowledge in regards to what people can see when they log in. You can, as an example, create user with different user roles than administrator, to see what others can see. This can e.g. be for seeing what a leader can see, export, share etc.
You can adjust/change your deletion rules for your cooperation. Be attentive to the fact there is set up options for both available positions and unsolicited applications.
It can be relevant to consider the fact of how the log in process should be. We offer two factor log in, which will send an e-mail to the user with a code for log in. Furthermore, we have some customers who are using AD (Active Directory), where user roles already are defined in a different system.
We are soon representing a new log in option, called HRID. This will give you better options for insight for the candidate as well and other options for the user, who can log in through other medias. Everyone will be informed about this, when it has been developed.
The reason for this point, is that in your implementation process, you went through these, but for some it is more than 10 years ago. But no matter what, it is recommended to go through these to see what the text are and which merge fields there are being used. It is a good idea to ‘clean up’ in the stuff you are not using.
If you have any internal policies in regards to GDPR, information about processing data, protection of data, the good interview, reference templates or anything else, then please do consider if you want to link these into the system. It is possible to link to important information, which all users can see when they are logged in. This can be done in ‘Administration’ in ‘Customised texts’.
We have developed a GDPR role/officer, which can be given internally to relevant staff. With this user role, further log information etc. can be seen. Notifications will soon be finished developed, so an e-mail is sent out whenever a candidate e.g. wants to be deleted. Further information will be sent out.
It is possible to upload documents, but it is also possible to generate documents directly by using Talent Recruiter and Talent Manager. This can be a help to increase your compliance process by having documents digitally as well as securing a digital signature.
Stay updated by reading our newsletters, since this will give you insight in regards to functionalities many do not know exists – both in regards to GDPR as well as relevant information from us.
The systems & GDPR
We have improved existing functions as well as developed several new ones to accommodate compliance with our systems in your daily usage, meaning we can support the customers technically in their process of compliance. We have e.g. improved/developed the following the last couple of months:
Our recruitment system (Talent Recruiter):
- An added specific consent when creating a job agent
- New ‘Data Takeout’ for the candidates, which will result in better insight rights and deletion of data
- A changed way of giving consent as a candidate (more clear and user-friendly)
- Legal standard personal data policy text for the candidate’s application process
- External ranking with browser link to the candidate’s profile
- A completely new administration site for GDPR users:
- Optional control of further access restrictions, if necessary
- Activity log of events for candidates and users (e.g. ‘Candidate has uploaded a document’, ‘Candidate deleted’, ‘Candidate created’, ‘User changed password’ etc.)
- New role for the GDPR officer, with rights for activity log as well as security settings
- Digital signing of employment contracts and other documents
Read more about our recruitment system here:
In our HR system (Talent Manager):
- ’Export employee data’ – the employee can receive insight in the stored data
- Document overview on the Talent Manager Dashboard – Do we know if everyone has an employment contract/consent stored on every employee, and are they all stored digitally?
- Automated deletion of documents – You can easily store documents, e.g. with a deletion date so you are sure about the fact that is done the right day
- Further separation of user access / user roles – who may see what data, which job types and which documents?
- Further logging regarding the activities that are being done on employees in the system, e.g.:
- Who and when was shown the employee’s details?
- CV/Resumé and other documents seen/edited
- Who and when edited the employee’s data?
- Employee list based upon departments
- Which fields were updated?
- Appraisal edited
- Appraisal seen
- Separate rights for access to own personal information:
- It is now possible to configure which fields must be visible or editable when an employee, leader or administrator sees their own profile. We now have separate rights for viewing and editing one’s own profile.
- Digital signing of employment contracts and other documents
Read more about our HR system here:
We can also assist you in optimizing your compliance processes – just as we have done with more than 900 other companies in all businesses; small as well as large.
You can contact us on: +44 1908 533 361 or e-mail: firstname.lastname@example.org