Stay GDPR Compliant with ReferScout
At ReferScout, we prioritize our customers and deliver cutting-edge recruitment technology. We're deeply committed to safeguarding your data and privacy with robust security measures.
Our platform meets essential compliance standards, and we continuously improve our data protection infrastructure. To support your GDPR compliance efforts, we've developed specialized tools and processes within ReferScout.
What Does the GDPR Cover?
The European Union has identified concerns surrounding data security and has put a new regulation, the General Data Protection Regulation (GDPR), in place to protect its citizens. This legislation went into effect as of May 25, 2018 and is strictly enforced, setting the new standard for consumer rights regarding the protection of their data.
The GDPR regulates the processing, including collection, storage, transfer or use, of data for EU individuals. Any organization that processes personal data of EU individuals is within the scope of the law, regardless of whether the organization has a physical presence in the EU.
For companies subject to GDPR, the compliance requirements include:
- Gathering and using email addresses
- Documenting internal processes to stay GDPR compliant
- Conducting a Data Privacy Impact Assessment for new technologies
- Mandating certain types of businesses hire a Data Privacy Officer
- Creating privacy policies and compliant contract terms
- Reporting obligations when a data breach occurs
What is Personal Data?
Any kind of information that can be used to identify a person — like a candidate's name, email address, social networking posts, and even down to information as granular as their computer IP address.
What Does This Mean for Employers?
The new regulation will affect any organization that stores and/or processes the personal information of EU citizens. There are three levels of GDPR classifications you should be aware of:
Data Subjects
Candidates who apply to your jobs OR employees who refer candidates to jobs at your company
Data Controllers
Your company
Data Processors
ReferScout
How to Comply?
Determine the legal basis for collecting the information and be fully transparent with the types of data and what specifically will be done with that data.
Only use the data for what you originally intended — you cannot recycle the information for marketing emails or sell to third parties.
Be mindful of the amount of data you are collecting — only collect the personal information you need to complete the task at hand.
Keep your records up to date — outdated information on candidates can be considered a violation. While you have the data, ensure that it is secure at all times.
Don't keep the data for extended periods of time. While there is no designated expiration at this time, be wary about the data's "shelf life".
ReferScout's Approach to GDPR
Building on our existing data privacy and security infrastructure, we support our customers in their GDPR compliance efforts with a combination of new features and in-app best practice guidance.
Secure Career Pages
Customer career pages default to HTTPS.
Candidate Acceptance
Candidates when referred by employees can accept or decline the referral invite. This automatically deletes the candidate data in your employer account, reducing any data privacy risk.
Application Disclaimer
Customers can add a custom application disclaimer to the Job Application Form, informing candidates of how the company will handle their personal data and their data retention policies.
Customer Data Deletion
When customers cancel their ReferScout account, their data will be deleted from ReferScout's systems in accordance with our Terms of Service.
Related Documents
NOTE: This article has been prepared for general information purposes only. The information presented is not legal advice and is not intended to be a substitute for professional legal advice.
Questions About GDPR Compliance?
Reach out to our support team with questions or to learn more about using ReferScout's compliance-related features.