The imminent landing of GDPR!
Yes we all know, or maybe you aren’t aware (where have you been?)… The imminent landing of GDPR on your business doorstep is fast approaching; 25th May 2018 to be exact!
So we have been very busy on this subject making sure we and our Clients, Colleagues and Contacts are fully aware of imminent changes in the Data Protection arena arising from the General Data Protection Regulation (GDPR).
Whilst we have always taken Data Protection seriously, we can shout out loud we are fully committed to being GDPR compliant. The implications of GDPR affect us. They may also affect you.
If you don’t have the will just yet to start getting yourselves GDPR ready, be aware it will be here before you know it!
The main additional areas that need to be considered are:
- Accountability: Organisations are required to explicitly demonstrate compliance with GDPR principles.
- Individual Rights: These are expanded to include the ‘right to be erased’ and the ‘right to data portability’.
- Governance Framework: Data Controllers / Data Processors are required to demonstrate compliance with the GDPR.
- Fines: Significant fines can be imposed for breaches of the GDPR.
Below is a snippet from our full Data Protection web page, also available in PDF format for your reading pleasure. Don’t leave it too late to get GDPR compliant, or there could be a hefty fine winging its way to you!
About the Data We Control
The data that we control is principally in the form of test results arising from psychometric assessments taken by candidates. Typically, that data is ‘raw’, meaning that it requires some kind of processing for it to be meaningful. The personal data collected as part of the assessment process is minimal. By necessity, we require the name and gender of the candidate (see below: ‘How We Identify Candidates’). We also require the email address of candidates in order to communicate with them and issue administration instructions. Some online systems require the candidate’s email address as a means of ensuring system security (ie: username with a password set by the candidate). Any other information which may be requested by systems, including age, occupation, educational background, etc. is optional. The raw data is held on secure servers which are managed by third-party test publishers. We take all reasonable steps to ensure data protection. We only use test publishers of the highest professional standing, who also comply with Data Protection legislation. Ultimately, the raw data is processed to generate meaningful reports for both clients and candidates…
You can view the full text: here (with pdf download available)