Making sure personal information is handled properly is crucial during the hiring process. Following the rules outlined in the General Data Protection Regulation (GDPR) is important for companies. They need to apply these rules at every step when dealing with personal data. How does GDPR play a role in hiring through an ATS?
GDPR and ATS
Being serious about protecting data can build trust between the company and potential employees, extending beyond the hiring process. Respecting privacy creates a feeling of safety, promoting open communication within the organization. Prioritizing privacy in hiring has significant benefits for the company's success and ethical behavior. Therefore, it's essential to choose Applicant Tracking Systems (ATS) that make privacy compliance easy and understandable.
In terms of GDPR, Axterior is a data processor, the user is a data controller, and the candidates are data subjects. Axterior has been designed as a recruitment software tool, where the user decides how to use Axterior at its sole discretion.
Put simply, Axterior's job is to make sure data is processed correctly and follows the rules. However, it's up to the user to decide how the candidate's information is gathered and used and which technical tools to use.
Focus on your core hiring tasks while Axterior ATS keeps you compliant in the background!
Our intelligent automation streamlines GDPR checks, making sure your processes adhere to regulations effortlessly.
TRY FREE TRIALStaying GDPR Compliant with Axterior
Let’s check how Axterior might help ensure compliance with relevant data privacy regulations.
Access to Data
Access to candidates' data is restricted through role-based access controls depending on the authorization the exact user is having within the company. For example, our platform implies 5 roles: Owner, HR Manager, Recruiter, Hiring Manager, and Interviewer, and the access to data is distributed depending on the scope of tasks the respective user is authorized for. In the case of conducting analytics and statistical analysis Axterior uses only anonymised information that cannot be considered as identifying data.
Data Localization
Axterior stores and processes data in the EU, and no transfers outside the EU area are conducted. If the user no longer wants us to process and store candidates’ information, the respective request should be made, and data shall be deleted.
Data Encryption
Axterior implements encryption techniques to secure user’s data during transmission and storage. This helps to prevent unauthorized access to the data. User passwords are converted into a coded format and stored securely.
Rights of Data Subjects
The data subject's rights and limitations should be respected and addressed if requested. First and foremost, the candidates shall be informed that their data is processed and which means are used in the course of such processing. Furthermore, they should have the ability to get information about their data. Axterior functionality allows you to contact the candidate if their data has been processed through the platform.
Data Portability and Deletion
Each candidate shall have a right to the erasure of personal data. Therefore, the platform facilitates these rights by providing tools for users to access candidates’ profiles and export or delete their data following the candidates’ requests. Axterior supports the possibility of deleting the data if the request has been submitted.
Data Incident Responses
Axterior implements internal resources in order to prevent, mitigate, and respond to data breaches. In case of a data incident, our technical team shall conduct a thorough investigation to determine the scope, nature, and impact of the incident and implement actions to address the vulnerabilities and prevent similar incidents.
Data Minimization
Axterior follows data minimization policies and highly encourages users to collect solely the information which is strictly necessary for recruitment purposes. This reduces the risk associated with holding excessive, unnecessary sensitive data and aligns with GDPR requirements.
Security Audits and Updates
Axterior conducts regular internal information security audits to identify and address vulnerabilities, including keeping software up to date with the latest security patches. Continuous monitoring helps ensure that the system remains resilient against evolving threats.
Compliance Standards
Axterior team members constantly undergo professional training on information security, personal data protection, and secure technical functionality. The team is aware of key principles of data collection, protection, and security.
Partnerships and Integrations
Axterior conducts careful audits on compliance with data protection laws with its partnerships and third-party integrations. When we use other systems, services, or products in our processing activities, we ensure that we only use those whose teams take data protection issues into account.
One of the key user’s obligations as a data controller is to make sure its sub-processors handle the data appropriately. Therefore, for additional reassurance, Axterior provides a Data Processing Agreement on request.
Conclusion
We take data protection seriously when building and using our platform and services. That's why at Axterior, we make sure data protection is a fundamental part of how our processing strategies work. Our goal is to create a safe and compliant space for handling users' and candidates' data by integrating these measures and adhering to relevant data protection laws. Try Axterior for free now, and make sure your privacy is protected!
