How do you ensure compliant recruitment?
Is information sent over the web encrypted? Do you know the path of files when they are sent through email? And how do you make sure they don't get lost? Do you have processes for deleting information and are they documented? Is it clear who has had access to the data? Both in the first, second and third workflow?
There are three traditional routes for applications and CVs, namely via
- the company's website as a form or
- A recruitment system
Compliant recruitment behavior requires strict discipline for the recruitment team involved so that compliance is possible:
The applicant's right to withdraw their data
a. The applicant has the right to both change and delete all their data at any time. As a company, you must be able to document (read more under ) how you handle this process.
b. Are the applications stored and accessed from one place (e.g. in the cloud) or are they scattered around the company mailboxes? In the latter case, the task is particularly difficult and a known procedure for how the information is tracked and removed will be necessary.
c. All printed sensitive material must be locked and must be shredded as soon as it is no longer in use.
That the application is only visible to those it is relevant to in the hiring process
a. It is therefore important to keep track of who the application is forwarded to. If the company uses a recruitment system, it is an advantage when the system can recognize its users with access to the system and you can therefore easily draw a log of the traffic on the site.
b. Privacy awareness must be created, for example, in relation to where applications are carried and read (e.g. in print on a private dining table for the rest of the family to see).
c. USB connectors or printers should be locked away when not in use and machines should have firewalls and codes that are only known by the relevant employees. All codes should be checked every six months.
d. By using a compliant and responsive recruitment system (works on PC, tablet and smartphone), the company can easily document who has visited the system. At the same time, the use of print can be avoided completely when recruiters can read and comment on applications anywhere on any device.
Important
Applications and CVs can be deleted within six months, so it is guaranteed to be gone from all platforms and archives (and dining tables).
Everything on paper should be shredded when no longer in use:
a. Is there an overview of how old the archived applications are and what procedures are in place for deleting data in time?
Are you on top of...
Who is RESPONSIBLE for your personal data?
What data processing agreements do you have with your data providers?
Can you DOCUMENT how you are compliant?
Do all your EMPLOYEES follow compliant processes?
Do we need to hire a DATA PROTECTION OFFICER?
Are pre-printed checkmarks a CONSENT?
