General Data Protection Regulation (GDPR) became effective in May 2018 and normally applies to the European Union only. But since ACCUR Recruiting Services has many European clients and candidates, we needed to make sure we comply with it too. ACCUR is committed to protecting the privacy of its candidates and client contacts. Therefore we are now applying the same strict standards to all the personal data we collect regardless of their country of origin.

GDPR for Recruitment Agencies.

• The “data subjects” are mostly the candidates because they can be identified via their personal information.
• The “data controllers” are the employers and the recruitment agencies. GDPR for employers and for recruiters have many similarities.
• The “data processors” are our ATS (Applicant Tracking Systems). We use those ATS to process candidates’ personal data.

How do we comply with the basic GDPR requirements?

How does GDPR affects recruitment? It basically means we are committed to the following principles:

• We only process your data with a legitimate interest. That means we only collect job related data. And we intend to contact the candidates within the legally required 30 days. It is clear ACCUR’s business is to identify individuals.
• We need to have the candidates consent to process sensitive data for background checks for examples. They are sensitive, because they require a Social Security Number.
• We need to transparent about how we process candidate’s data. Our privacy policy, which includes our cookie policy, is clearly available on our site. Our site is meant to collect and store data. Our ATS gets duplicated data for data processing.
• We assume responsibility for your data and are using the best tools on the markets. Data security is key to us The modern tools we use are all safe and GDPR compliant.

What are the candidates rights?

We obviously have to comply with candidates rights under GDPR.

• Candidates have the “right to be forgotten”. Upon request we will delete all copies of your information within 30 days.
• Candidates have the right to access their data. They can also ask to correct it or withdraw their consent for processing. We must comply within 30 days.

Our data processes are clear.

• We only collect personal data via our site or via email.
• We constantly identify candidates on publicly available platforms. But once contacted, those candidates have to submit their data to us proactively.
• Our site sends automatically a copy of the data to our ATS.
• If received by email, candidates data is immediately sent to our ATS for processing.
• Only data in our ATS can be processed. If we have received data by email, they will never be processed if not sent to our ATS.
• We only collect the data in relation to the purposes of job matching. For example contact details are necessary to get back to the candidates for job opportunities.
• Only our recruitment consultants have access to candidates data. They are never shared with any third parties. We need the candidate consent to share their resume with a client employer. The data we store is never shared with any third party.

We have a privacy policy for recruiting

Our privacy policy includes again all the GDPR requirements:

• You can find there the name and contact details of our Data Protection Officer.
• It states that data collected will only be processed for job matching purposes.
• It outlines the nature of the information we collect on candidates.
• It says we will only share candidates information with our clients and only with the candidate’s consent.
• It states we are a US-based company. This is where the data is stored and processed.
• It includes the candidates rights.
• It provides ways for candidates to act on their data.
• It gives details on how we make sure to protect the data we collect. Our website and our ATS are both encrypted and both updated on a weekly basis to fix any potential technical issues.

Please, don’t hesitate to let us know if you have any questions!