General Data Protection Regulation
Last modified: May 22, 2018
On May 25th, 2018, the European Union’s General Data Protection Regulation (GDPR) will supersede the European Commission’s prior Data Protection Directive (DPD) and will become active as the primary law governing personal privacy and data protection for EU residents.
Although the GDPR’s regulations apply to EU residents, at HiringSolved we believe that the GDPR provides an excellent privacy framework for all global citizens and we’re pleased to report that HiringSolved is well prepared for GDPR compliance.
Data Controllers and Data Processors
Our data synchronization technology will ensure that the removal of personal information from a customer data source will result in the secure removal of that same data from HiringSolved’s systems. Our data synchronization systems are monitored 24/7 and will generate automated alerts to our technical operations team upon any exception in data processing.
In regards to the GDPR and DPD definitions, HiringSolved is generally defined as a data processor. In this context, our customers are the data controllers. HiringSolved synchronizes data with customer systems and data sources such as HCM/HRIS, ATS and CRM databases for the purpose of AI based matching operations and enhanced search.
The Right To Be Forgotten (Data Erasure)
Article 17 of the GDPR specifies that the “data subject” or the persons whom the data refers to have the right to request that their data be deleted or erased. HiringSolved, as a data processor, synchronizes data with the data controller’s data sources. Such data synchronization includes data erasure.
Although HiringSolved’s synchronization systems should be sufficient for GDPR compliance, we also provide a direct method for people (data subjects) to request that their information be erased:
To request data erasure under GDPR Article 17 simply complete our GDPR Data Request Form or email us at email@example.com. Our privacy team will make our best business effort to contact you within 72 hours of your request and we will work with you to understand and comply with your request.
Data Access and Processing Rights
GDPR Articles 13 through 22 defines the data subject’s rights to access their data and specify preferences and limitations with respect to the processing of their data. To make a request related to GDPR Articles 13-22, simply complete our GDPR Data Request Form or email us at firstname.lastname@example.org.
HiringSolved has always taken security seriously. Our founders have strong experience in the Information Security industry, possessing leading security certifications and audit experience.
The GDPR specifies a set of security features and best practices, which both Data Processors and Data Controllers must adhere to. These security features are designed to insure the confidentiality, integrity and accessibility of personal data. The security features defined in Article 32 of the GDPR include:
- The pseudonymisation and encryption of personal data;
- The ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
- The ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
- A process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
HiringSolved’s control environments are ISO 27001 certified and SOC II Type II audited. Additionally, by May 31th, 2018, HiringSolved will be Privacy Shield Certified.
HiringSolved is already compliant with GDPR Article 32 requirements as these requirements are generally a subset of ISO 27001, 27002 and NIST controls, which are the basis of HiringSolved’s Information Security Policy.
For any further questions or further inquiries related to HiringSolved’s GDPR Compliance Program, please email us at email@example.com.