GDPR: How will it affect us?
Most of us are aware that changes are coming to data protection rules which will have a big impact on all businesses. Here, we explain what Electus is doing to make sure we’re compliant, and what our clients need to know.
The General Data Protection Regulation (GDPR) is a set of new rules to bring data protection across the EU up-to-date with the way businesses and organisations access, store and use personal data. GDPR aims to give individuals more power over what companies can do with their data, and to give regulatory authorities more scope to crack down on businesses that don’t comply.
What Electus is doing
Upgrading data documentation
We have formally documented the personal data we hold, its sources, and which third parties share it, to help us meet obligations to our clients and candidates. A process is in place to ensure that this data is regularly reviewed so that it remains accurate and up-to-date.
Communicating privacy information
We have updated our data privacy notices on our websites: so that existing and prospective clients and candidates are informed of the information we need to fulfil our obligations and improve our service.
Updating client contracts
We are updating contracts with our clients to reflect the new legislation and to define our respective obligations.
Developing new privacy statements
All of our clients will have a visible, clear and concise data privacy statement to communicate to potential applicants, spelling out how the data supplied during the recruitment process will be used. The clarity of this statement will allow us to process data under the legal basis of legitimate interest
Reducing the likelihood of data breaches
We are Cyber Essentials Accredited and all our staff will continue to receive regular, on-going communications and education on how to minimise the risk of a personal data breach, and who to inform if a breach occurs.
Continuing to be vigilant about everyday data protection
We will continue to make sure user passwords are encrypted, data visibility is controlled by roles, and financial data is made very difficult for unauthorised people to access and decode.
Specifying Data Protection roles
We’ve designated responsibility for data protection compliance, and have appointed a data representative to monitor, review and enhance our data protection journey.