Menu
How GDPR Affects Your Talent Acquisition Platform
Friday, Jun 08, 2018

If you’ve noticed that every online provider has been updating their privacy policy lately, from social media sites to news outlets and retailers, it’s likely a response to the European Union’s (EU) new General Data Protection Regulation (GDPR) which went into effect on May 25, 2018.

The GDPR builds upon existing data protection frameworks, such as the EU-U.S. Privacy Shield program, and seeks to give internet users more control over the ways in which their personal information is collected, stored and processed. Though the mandate only applies to businesses headquartered within or offering goods and services to the EU, it has pushed organizations worldwide to make changes to their technology, processes, and internal controls to comply with the new rules.

As employers, GDPR affects how businesses handle their HR and talent acquisition practices, as well. From a recruiting standpoint, job candidate data protection and compliance are top of mind thanks to emerging policies like GDPR, as well as many other recent and well-publicized data breaches. Employers simply can’t afford to take data security lightly and risk potentially damaging their brand.

Accordingly, iCIMS has carefully approached the arrival of GDPR and has exercised a company-wide initiative to ensure it is ready to satisfy its own internal requirements, while enabling customers to comply with their requirements when using the iCIMS Talent Platform.

Candidate Data Rights

At their core, data privacy regulations are meant to empower web users to take more control over their personal information. Job seeking is an innately vulnerable process, as applicants are asked to share their entire work histories, as well as email addresses, personal phone numbers, home addresses, and current workplace locations. Candidates must trust that companies collecting their information are doing so with great care, and GDPR is a push in the right direction to ensure that employers are holding up their side of this implied contract of trust.

This high standard for data protection is part of the iCIMS culture, as exhibited by our leadership’s passion for ongoing improvements to the candidate experience and the importance of implementing enterprise-ready, globalized recruitment strategies that can keep pace with modern web practices. iCIMS’ Chief Technology Officer, Al Smith explains, “iCIMS Talent Platform capabilities have always been designed to give users the right amount of flexibility and control. You can trust that iCIMS will continue to study the regulatory guidance as it evolves, evaluate customer preferences, and consider providing further capabilities as needed in future releases.”

GDPR-Ready Platform Capabilities

The iCIMS Talent Platform was recently updated to help support its global customer base and offer more enhanced, compliance-driven user capabilities on an ongoing basis. For iCIMS users who need to bring their talent acquisition practices up to GDPR standards, here are some of the highlighted features now available.

As applied to hiring software, the GDPR stipulates a variety of individual data rights for job applicants, including the “right to be forgotten,” meaning that candidates can choose to remove their information from a hiring system of record at any time. To more efficiently purge candidate profile data that is no longer needed or has been requested for removal, enhancements were made to the processes for purging data from the platform.

Within the Talent Acquisition Suite, workflow associations across Connect, Recruit and Onboard will no longer prevent profiles from being purged. And profiles marked for purge will be automatically handled as scheduled, with no additional action required. 

Job applicants are also entitled to individual data subject rights, such as notice and consent, data access, correction/rectification, and portability. With these needs in mind, iCIMS introduced a candidate request screen and a new search type to better view and act upon these candidate requests.

When GDPR features are enabled within the career portal, candidates encounter a new data subject requests page on their candidate dashboard where they can then make a variety of requests.

After the request selection is made, the label and message below update dynamically in response. The responsive labels and messages can be configured by location, EU regions for example, or on a per portal basis. At that point, the candidate has the option to enter additional comments prior to submitting, or cancel out of the request page altogether, if they do not wish to make a request.

The new search type, Personal Data Request, provides default search templates and allows user admins to review the personal data requests made by candidates via the Data Subject Requests page. In addition to search results, users can review and take action on associated information related to the particular candidate and view the most recent platform user to make updates to the request.

Additional Resources

Now that GDPR has arrived and its requirements are in full effect, iCIMS plans to continue to make compliance a priority and update the platform accordingly along the way. Be sure to visit the iCARE release readiness page in the coming weeks as we continue to make GDPR related updates and improvements.

You can also refer to iCIMS’ customer FAQ document for further details on how iCIMS is currently supporting GDPR readiness.