General Data Protection Regulation (GDPR)
On 25 May 2018, the General Data Protection Regulation (GDPR) will take effect in the European Union (EU). GDPR will impose strict controls on how all organisations collect and process personal data within the EU and/or personal data of EU citizens.
Exec Assignments Ltd will be fully compliant with GDPR when it becomes enforceable on 25 May 2018.
The regulation outlines six key points for organisations that process individuals’ personal information.
Data must be:
• Processed lawfully, fairly and transparently
• Collected for specified, explicit and legitimate purposes
• Adequate, relevant and limited to what is necessary for processing
• Accurate and kept up to date
• Retained only for as long as necessary
• Processed in an appropriate manner to maintain security
As part of the Exec Assignments services, we have several options available to help our candidates and clients keep track and stay compliant, including:
GDPR module on our database
Streamlines and automates the process of candidate communications. This can be used for confirming consent with regard to GDPR regulations.
Prevent users from deleting notes once they have been created, ensuring the integrity of your database. This stops unauthorised users from deleting important information – such as GDPR consent.
Easily track documents which have been sent from the system, including when and who they were sent to. If you receive a SAR (subject access request) you will have the data easily available.
Export all our data from within the system in CSV format. This allows us to comply with data portability and information requests.
Right to be Forgotten
When records are deleted, all associated data is also permanently removed (including documents, notes, emails, etc.). A record of the action is also added to the system log, providing an audit trail.
Processing of Data
Exec Assignments Ltd acts as a data processor on behalf of our candidates and clients. As a candidate or client of Exec Assignments Ltd you are entering into an agreement which gives us a legitimate basis to process your data (in line with GDPR requirements).
The security of customer data has always been, and always will be, taken extremely seriously. Our hosting provider for Live Products and Services, which hosts our infrastructure, is a Tier 1 ISO that provides industry-leading security and has a long list of internationally recognised certifications and accreditations.
All client and candidate data is backed up at regular intervals and stored in two alternative locations within the EU at all times, as per AWS recommended guidelines. Finally, security and performance tests are carried out at regular intervals to ensure the smooth running of the service.
Along with a username and password, all customer databases can be secured with additional layers of security including: Access Control and use of the in-built Permissions System. All customer data can be exported at any time from within the system by an authorised user. Finally, there is a system log which provides an overview of activity on the database for auditing records and security purposes.
In the unlikely event of a data breach, Exec Assignments Ltd has strict procedures in place to report this to candidates, clients and the ICO within 72 hours of discovery.
Exec Assignments does not share customer data with any third parties without your express written permission.