GDPR FAQs - Integrations

Over the past few months, we’ve been asked many questions about the Volcanic GDPR-compliant Compliance Area featuring the self-service candidate dashboard. Our series of blogs sets out to answer the most frequently asked questions.

Here, we answer questions relating to integrations. ​

How can I make sure my integrations are GDPR compliant?

As part of your vendor due diligence process, you should audit your CRM supplier.

Do people have to opt in to job alerts?

Job alerts form part of your Terms and Conditions, which are not within the GDPR.

Will my opt-ins be sent automatically to my CRM?

We will be able to send opt ins and consent messages to your CRM via the normal application process. It will be up to you to ensure that the data is posted into your other systems such as your CRM.

Do you make use of any security technology to protect data collected on your website?

All of our systems are ISO 27001 compliant, which ensures they either meet or surpass the terms of the GDPR.

Will the email to the DPO be encrypted?

There is no need to encrypt the email to the DPO as the only information it contains is non-sensitive. The DPO will be alerted via the email to visit their portal to review the information.

Who within Volcanic can view candidate data?

No-one within Volcanic can view candidate data. In case of a specific issue where we would need to look at a data subject’s data, eg a problem with a candidate registration, temporary access is requested of the site owner’s DPO and, once the request is approved, access for a specified timeframe is given to a designated person at Volcanic, as this is for a legitimate business interest.

Volcanic is supporting the recruitment industry towards GDPR compliance. Make sure your and your team are trained in GDPR awareness using our free resources:  watch our GDPR awareness training video here.