Write "yes" on the following text-area to display the CTA section
Over the past few months, we’ve been asked many questions about the Volcanic GDPR-compliant Compliance Area featuring the self-service candidate dashboard. Our series of blogs sets out to answer the most frequently asked questions.
Here, we respond to questions relating to the self-service candidate dashboard.
Candidates can manage their data by logging in to their candidate dashboard, where they have live visibility of the status of their data and consents.
A candidate can give consent by ticking the tick box in the list of consents on the candidate dashboard. By actively ticking a box in the list, a pop-up message will appear. This message must be scrolled through and consented to by clicking the submit button to confirm. By unticking the box, consent is removed in the same way.
The right to be informed
The right to rectification ie to update their data
The right to erasure (the right to be forgotten or RTBF)
The right to data portability
The right to restrict processing
The right to object
The right of access (Subject Access Requests or SARs)
Rights in relation to automated decision making
Each right and how it is handled in the Volcanic dashboard is outlined below:
Personal data can be rectified if it is inaccurate or incomplete. The request must be actioned within one month. The Volcanic approach makes this simple - all data on a candidate is shown in the candidate dashboard area and can be updated by the individual.
The right to be forgotten (RTBF) process is very clear. When a candidate makes a deletion request for all or part of their data, the Volcanic platform logs this request and sends an email to your business’ Data Protection Officer (DPO), or designated compliance contact. It is up to the DPO or designated contact to validate the request and instruct Volcanic whether or not to delete the data.
There may be legal reasons for you to keep their data, for example if you have placed a candidate in a role and are required by HMRC to keep the data - these reasons supersede the GDPR.
You have 30 days to deliver the RTBF or SAR. At Volcanic we log the request as soon as it is made, which triggers an email to your DPO or designated compliance contact.
The candidate can login to the candidate dashboard and download their data as a .csv file.
If a candidate requests this, you must suspend their data from being processed in the system. Search the user in the admin area and click the suspend user button to prevent any further processing of their data.
Individuals have the right to object if they have grounds relating to their particular situation and they must be informed of this at the point of first communication, presented separately from other information.
This allows a data subject the right to confirm that their data is being processed and access to their personal data. The Volcanic platform provides an area where the individual can make a subject access request. The request is recorded and date stamped and the DPO or designated compliance contact notified by email.
When a candidate makes a deletion request for all or part of their data, the Volcanic platform sends an email to your business’ Data Protection Officer (DPO), or designated compliance contact. It is up to the DPO or designated contact to instruct Volcanic whether or not to delete the data.
GDPR defines profiling as any form of automated processing intended to evaluate certain personal aspects of an individual to predict their performance and behaviour, among other criteria. You must ensure processing is fair and transparent by providing meaningful information about the logic involved as well as the envisaged consequences, and secure data in a way that is proportionate to the risk to the rights of the individual.
If candidates request the Right To Be Forgotten or The Right Of Access, this generates an email to your designated Data Protection Officer or Compliance contact.
If a candidate has registered on your website, they will have already agreed or disagreed to their Preferences (Legal Messages) you have set. Depending on the wording you choose to use, the consents may refer to opting-in to receiving marketing material.
Volcanic is supporting the recruitment industry towards GDPR compliance. Make sure your and your team are trained in GDPR awareness using our free resources: watch our free GDPR awareness training video here.