Achieving GDPR Compliance with Avature

Similar documents
New General Data Protection Regulation - an introduction

GDPR and Canadian organizations: Addressing key challenges GDPR and Canadian organizations: Addressing key challenges

EU General Data Protection Regulation (GDPR)

Guidance on the General Data Protection Regulation: (1) Getting started

What is GDPR and Should You Care?

CANDIDATE DATA PROTECTION STANDARDS

The General Data Protection Regulation: What does it mean for you?

GDPR. Legalities, Policies and Process Part 3 of our series on GDPR and its impact on the recruitment industry

EU-GDPR and the cloud. Heike Fiedler-Phelps January 13, 2018

The Sage quick start guide for businesses

General Data Protection Regulation and Episerver Learn how to leverage your organization s data to support GDPR compliance.

Data Protection Policy

GDPR Compliance Checklist

Accelerate Your Response to the EU General Data Protection Regulation (GDPR) with Oracle Cloud Applications

ARTICLE 29 DATA PROTECTION WORKING PARTY

EU GENERAL DATA PROTECTION REGULATION

SOLUTION BRIEF EU GENERAL DATA PROTECTION REGULATION COMPLIANCE WITH RSA ARCHER

Preparing for the General Data Protection Regulation (GDPR)

General Data Privacy Regulation: It s Coming Are You Ready?

Customer Data Protection. Temenos module for the General Data Protection Regulation (GDPR)

Data Privacy Policy for Employees and Employee Candidates in the European Union

The General Data Protection Regulation (GDPR): Getting in good shape for the deadline Copenhagen, 19 September 2017 Janus Friis Bindslev Partner,

Data Flow Mapping and the EU GDPR

Conducting privacy impact assessments code of practice

Audit Committee Charter Amended September 3, Tyco International plc

EU General Data Protection Regulation (GDPR) A Point of View for Technology Sector Organisations. For private circulation only.

New EU-GDPR: Challenges for Universities and Research Organisations

What Does GDPR Mean for B2B Organizations?

SOLUTION BRIEF RSA ARCHER REGULATORY & CORPORATE COMPLIANCE MANAGEMENT

Data Protection. Policy

Comments on Chapter IV Part I Controller and processor 25/08/2015 Page 1

Working toward GDPR compliance. Insights from a SAS survey and an end-to-end approach

A Parish Guide to the General Data Protection Regulation (GDPR)

EU data protection reform

Data protection (GDPR) policy

THE GENERAL DATA PROTECTION REGULATION: GUIDANCE ON THE ROLE OF THE DATA PROTECTION OFFICER

General Data Protection Regulation (GDPR) Meeting the new requirements

5-Step Guide For GDPR Compliance

WORLD MEDIA GROUP THE IMPLICATIONS OF GDPR FOR THE ADVERTISING INDUSTRY

with Xavier Darmstaedter Managing Partner GEDAPRE DACOTA Consulting

Discussion Paper on innovative uses of consumer data by financial institutions

Privacy governance survey. The state of privacy management in Belgian organisations

Conducting privacy impact assessments code of practice

Prepare for GDPR today with Microsoft 365

St Mark s Church of England Academy Data Protection Policy

TWELVE STEP PLAN TO BECOME COMPLIANT WITH THE GENERAL DATA PROTECTION REGULATION

Policy Document for: Data Protection (GDPR) Approved by Directors: September Due for Review: September Statement of intent

WSGR Getting Ready for the GDPR Series

Mastering the GDPR with Enterprise Architecture

EU General Data Protection Regulation (GDPR) Tieto s approach and implementation

EU General Data Protection Regulation (GDPR) Point of View for ERP and HRMS Operations. For private circulation only.

2017 IBM Corporation. IBM s Journey to GDPR Readiness

The EU General Data Protection Regulation (GDPR) A briefing for the digital advertising industry

GDPR Webinar 4: Data Protection Impact Assessments

ETHICAL ISSUES FOR THE REGULATOR

DATA PROTECTION POLICY

The General Data Protection Legislation: a challenge for the Internal Auditor

Syntel Human Resources Privacy Statement

GDPR Webinar : Overview & practical compliance steps. 23 October 2017

GUIDELINES FOR IMPLEMENTING A PRIVACY MANAGEMENT PROGRAM For Privacy Accountability in Manitoba s Public Sector

Rexel Shredding. Why a paper security policy is integral to GDPR compliance.

Compliance with South African POPI Acts

Customer Advocacy. Complaints Management Policy

Protocol for Developing Multi-Stakeholder Group Terms of Reference and Internal Governance Rules and Procedures

Webinar: Deep Dive into the Role of the DPO under the GDPR

THE EU GENERAL DATA PROTECTION REGULATION AND INTERNATIONAL AIRLINES SPECIAL UPDATE

Data Protection Audit Self-assessment toolkit

1 July Guideline for Municipal Competency Levels: Head of Supply Chain and Supply Chain Senior Managers

Lords Bill Committee on Digital Economy Bill Information Commissioner s briefing

Humber Information Sharing Charter

Breaking the myth How your marketing activities can benefit from the GDPR December 2017

Information Governance Policy

BOARD GUIDELINES ON SIGNIFICANT CORPORATE GOVERNANCE ISSUES

HUMAN RESOURCES COMMITTEE CHARTER

Information Governance and Records Management Policy March 2014

Henkel s Compliance Management System (CMS)

Records Management Policy

The Data Protection Regulation for Europe

C A R L E T O N U N I V E R S I T Y POSITION DESCRIPTION

REPUBLIC OF SERBIA RES. 68/44 - NATIONAL LEGISLATION ON TRANSFER OF ARMS, MILITARY EQUIPMENT AND DUAL-USE GOODS AND TECHNOLOGY

CODE OF ETHICS AND BUSINESS CONDUCT

GDPR A Catalyst to Drive Real Action around Privacy and Security

THE ANTITRUST COMPLIANCE PROGRAMME OF THE ITALCEMENTI GROUP

Regulation for Scheme Owners requesting acceptance by ACCREDIA of new Conformity Assessment Schemes and their revisions

GDPR: keeping data processing records

Preparing for the GDPR: Attaining and Demonstrating Compliance

SOUTHWEST AIRLINES CO. AUDIT COMMITTEE CHARTER

Data Protection Policy and General Data Protection Regulations (GDPR)

Thomson Reuters Regulatory Change Management

MODA HEALTH CODE OF CONDUCT

General Data Protection Regulation

FEDERAL LAW NO. 101-FZ OF JULY 15, 1995 ON THE INTERNATIONAL TREATIES OF THE RUSSIAN FEDERATION

Mind the Gap: GDPR Ahead. Rakesh Sancheti. Author. July Vice President and Business Head - Analytics, Europe and Nordic

ESOMAR 28 ANSWERS TO 28 QUESTIONS TO HELP BUYERS OF ONLINE SAMPLE

DIAMOND OFFSHORE DRILLING, INC. Corporate Governance Guidelines

GRIFOLS STATUTES OF THE AUDIT COMMITTEE

AmCham s HR Committee s

IMI code of practice for the secondary use of health data. Anne Bahr, PhD, CIPP/E R&D Privacy Officer

Intuit Supplier Code of Conduct

Data Protection Policy

Transcription:

Achieving GDPR Compliance with Avature

What You Need to Know About GDPR The General Data Protection Regulation, or GDPR, is a regulation that was passed by the European Union in 2016 to update and replace the EU Data Protection Directive of 1995. GDPR harmonizes data protection regulations across EU member countries. However, the new regulation also applies to all foreign companies processing the data of individuals in the EU, even if the companies do not have an established place of business inside the EU. Furthermore, GDPR introduces large penalties for non-compliance. GDPR presents some new challenges for non-eu companies not the least of which being that they must be compliant by May 25, 2018. In order to be in compliance, companies will need to: Be familiar with the GDPR guiding principles Establish business processes that are designed to support those principles Process personal data legally and ensure their data processor provides adequate technical controls Recruiting and marketing programs, which depend on collecting and using personal data, face one of the biggest challenges. It is important to remember that the EU definition of personal data is broad. Fortunately, GDPR simplifies EU data protection regulations, says Beatriz Quintana, Chief Privacy Officer of Avature, replacing a more fragmented legislation, which was essentially a framework with different implementations depending upon the EU country. Complying with data privacy laws under GDPR will be more homogeneous. Impacted Parties Generally, GDPR oversees three groups that either have personal data rights or personal data obligations. When working with Avature, these are: Data Subjects Your prospects and candidates are the data subjects. It is their personal data that is processed when they are considered for a position or kept in a talent pool. Data Controller You are the data controller. You determine the purpose and usage of the data. Data Processor Avature is your data processor. Our platform maintains and protects your candidates data. Achieving GDPR Compliance Avature 2

Guiding Principles In order to be prepared for GDPR, your company must comply with the following principles. Fair and lawful: You must have legitimate grounds for collecting a person s data, and you are required to provide full transparency about how you will use candidates data. For explicitly specified purpose: You must only use your candidates personal data for the purpose you originally said it would be used. Only what is needed: The data you hold on your candidates must be adequate for the defined purpose. Privacy notices must be clearer than before, and candidates must be able to withdraw consent at any time. Accurate and updated: You must regularly take steps to keep candidates personal information up to date. Limited retention: You must regularly review the length of time you hold onto candidates data. Data that is out of date or no longer necessary must be properly destroyed or deleted. Penalties The 20 Million Question Can recruiting programs comply with GDPR and remain effective? The short answer is yes. Avature has been helping EU customers comply with the EU Data Protection Directive for the past 10 years. Our customers which include large and small EU companies, all the major global consulting companies, many of the largest banks and manufactures in the UK and Germany, and several EU government entities have developed competitive recruiting programs that operate effectively within the EU and meet the data regulations. If you still haven t done anything to comply with GDPR, you need to move quickly because, as with many of our non- EU customers, you may need to make significant changes to the way you process personal data. The good news is that Avature can be configured to support GDPR-compliant recruitment marketing programs. Avature s security and privacy controls meet the highest standards and are ISO 27001 and SOC 2 certified. Our controls have passed multiple onsite audits and penetration tests. Under GDPR, people have enhanced rights to access the information that companies have about them, and businesses have new obligations for data management. Noncompliant companies may be charged penalties of up to 4% of worldwide turnover or 20 million, whichever is greater. Achieving GDPR Compliance Avature 3

Avature Your Data Processing Partner Leveraging our fundamental focus on configuration, we have invested in technical functionality specifically designed to support privacy laws. Our system is highly configurable, and you can determine how to process data in the manner that is legally compliant.* We have also assisted customers in their response to government inquiries relating to individual citizens privacy complaints and supported customers in their successful resolution of complaints. Our legal team knows how to draft, review, and execute amendments to existing data protection agreements. Support & Security Measures Our main responsibilities as a data processor are to provide for the confidentiality, integrity, availability, and resilience of your data. Behind the user interface, we implement technical and organizational security measures such as: Firewall, encryption, and other technologies to protect the data Separation of processing for different customers and their different purposes Role segregation so that only Avature employees who need to access your data are able to view it Avature s online documentation (Help & News), available from within your instance, describes in detail how all of our features work. Features The Avature platform is designed for configurability. So when compliance regulations change, our technology can keep pace. Specific to GDPR, our solutions offer different features to help you achieve compliance. Customizable opt-in/out or double opt-in workflows that automate the consent process and regularly re-evaluate candidate consent Automated purging or deletion of data at intervals determined by you Encryption that keeps confidential data accessible/ editable on a need-to-know basis Configurable security settings for your users in accordance with your security needs Full audit journal to trace interactions with candidates, including consents, updates and changes Unsubscribe links in emails sent through Avature so candidates can choose to opt-out Consent forms to manage and keep track of individuals consent with timestamps * While Avature offers functionalities to support compliant processes, we are not a law firm and do not provide legal advice. We have, however, worked directly with the legal departments of major organizations and their recruiting teams to implement compliant recruiting programs. Avature s consultants have supported the implementation of many recruiting programs for EU customers, following their requirements in accordance with EU privacy laws. We strongly recommend you consult with your legal counsel to decide upon compliance processes. Achieving GDPR Compliance Avature 4

With GDPR coming into effect, if your legal counsel advises you to reconfigure your instance, please contact your sales representative and our consultants will support any reconfiguration according to your instructions. For more information, contact your sales representative or email sales@avature.net. Other Privacy Policy Updates Many of our customers operate worldwide. Our configurability enables you to tailor the solution to your unique processes in different regions. individual that organizes and/or effects processing of personal data and also determines the goals and content of personal data processing. The law requires data operators to take all the necessary organizational and technical measures required for protecting personal data against unlawful or accidental access. Additionally, the data protection law requires all data operators to use data centers located in the territory of the Russian Federation in the course of collecting personal data, including via the Internet. Avature has data centers in Russia that can assist you in complying with this requirement. Russia As of July 2017, a new law stipulates an increase of fines for violations in the sphere of processing personal data. Potential fines increased from RUB 10,000 to RUB 75,000 (approximately 140 to 1100). In Russia, responsibility lies with data operators, which includes state and municipal bodies, legal entities, or any China China s Information Security Technology - Personal Information Security Specification will become effective May 1, 2018. The new standard sets out data protection concepts and principles for key laws and regulations, such as the China Cybersecurity Law. Avature s configurable system can support you in complying with these new provisions. Achieving GDPR Compliance Avature 5

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback