GDPR

Header Image

First analysis of its kind: HR-ON has asked more than 1000 Danes if they have a good understanding of GDPR

First analysis of its kind: HR-ON has asked more than 1000 Danes if they have a good understanding of GDPR 3353 2514 HR-ON

The EU’s new Personal Data Regulation with a wide range of consumer rights is being rolled out in a few months, but only one in three consumers is aware.

Even though more than seven in ten Danes have felt uneasy about providing personal information on the Internet, less than one in three Danes have heard of the comprehensive European Personal Data Regulation (GDPR), which comes into effect on 25th May this year.  This can be seen in the results of a survey conducted by the research institute A&B analysis, on behalf of HR-ON. A random sample of 1,258 adult consumers participated in the study.

“It is paradoxical that one makes such pervasive legislation to protect consumers and does not do more to inform consumers about it. Is it really about protecting the interests of the consumers or just about going after Google? More should have been done to inform ordinary people about GDPR,” Ali Cevik says.

The Personal Data Regulation will ensure that consumers’ personal information is erased and that a lot of private information is not saved in the first place. If companies violate the regulation, there will be unprecedentedly high fines of up to 20 million euros or up to four percent of the company’s global revenue.

“If a consumer demands information from a high-profile business on the use of their personal data and wins, this could create a big issue. Then others may also realise that they can raise a case and more people will probably do so if they hold a grudge against the business“, says Ali Cevik.

HR-ON has worked with GDPR for a long time

HR-ON has been worked intensively for a long time in order to be ready for GDPR. As an online recruitment system,there are particular challenges with personal data. People are writing large amounts of deeply personal information in an application, and it needs a system like HR-ON to keep track of it, so the system’s customers don’t have to worry about GDPR breaches. 

A lack of knowledge of personal data protection can, in the worst case scenario, lead to people not progressing in their careers and companies not getting the best candidates for their vacancies.

“It is important that people feel safe. We run the risk of people holding back and, for example, failing to look for jobs if they do not know the rules which protect the privacy of their data,” Ali Cevik says. 

It depends on gender and salary

The study shows that slightly more men than women have heard about the Personal Data Regulation. That is 31.9 percent vs. 27.1 percent. Also, the study shows that the knowledge of GDPR is highly dependent on the size of people’s paycheck. The awareness is less than 20 percent for household incomes below DKK 300,000, while it is more than twice as large, 49 percent, for household incomes over DKK 700,000.

“If you do not know the rules, there are many unknown factors that can make you insecure,” Ali Cevik explains.

The study also shows that general insecurity of providing information online is relatively high. In fact, seven out of ten say that they feel of have felt unsafe inputting personal information online. This insecurity increases with age. For young people it is 68.8 percent, while in the 65+ age group it is at 83.5 percent. 

“It is natural that technology alone will scare many elderly people. What is surprising is that so many young people are insecure. They are used to surfing online, posting and tagging each other in all sorts of contexts. Many slightly older people are more reserved,” Ali Cevik says.

The new Personal Data Regulation gives consumers a number of rights in relation to, for example, being informed of what information the company has stored, but Ali Cevik does not expect a burst of GDPR inquiries to companies immediately after 25th May. 

“The first few cases will determine in which direction it will go and how fast. And then, of course, it’s also not the consumer who receives the fine of up to 20 million euros if the rules are not followed,” Ali Cevik concludes.

The important points of the analysis: 

  • While Danish companies are raving about GDPR, less than a third (39.6%) of consumers have heard about it.
    • Slightly more men (31.9%) than women have heard of GDPR (27.1%)
    • Knowledge is highly dependent on income. With a high household income (more than DKK 700,000), 49% heard of it, while at the low household income (less than DKK 700,000) is at 19.3%.
  • More than seven in ten (72.8%) have felt or feel unsafe submitting information online.
    • Women feel less safe (79.1%) than men (66.6%)
    • The insecurity increases with age. For young people (18-34 years old) it is at 68.8%, while for 65+ years it is at 83.5%
    • Insecurity decreases with income. Insecurity is at 77.6% for low-income consumers, while the figure is at 67.7% for consumers in the high income area. 

 

You can read more about the survey here (pdf)
And here you can read more about personal data and also try our risk calculator

Header Image

Danish Companies could end up being overrun by GDPR requests

Danish Companies could end up being overrun by GDPR requests 1200 628 HR-ON

When the new GDPR rules come into effect, businesses could be hit by thousands of inquiries from customers about their data.

Next week, the EU’s Personal Data Regulation (GDPR) will come into effect, and so far the main focus has been on the extremely large fines that businesses risk having to pay if they fail to live up to the regulation. However there is another issue looming on the horizon for companies. And it could affect all companies, whether they comply with the regulation or not. According to BritishComputing.co.uk, up to four in ten consumers will take advantage of their right to gain access to corporate data collected by companies. The figures come from a survey conducted by Veritas involving around 3,000 adults across Europe.

“Although it’s unlikely that all 40% will actually choose to seek this information, it will nevertheless create a huge extra workload. The only thing companies can do is to automate as much of the process as possible,” Ali Cevi explains (director of HR-ON). 

Companies are not prepared for GDPR

However, many companies are not that far ahead in the process and have not yet automated this process. In fact, many of them are not ready for GDPR at all. A recent study, conducted by A&B Analysis on half of HR-ON, shows that more than a third of Danish companies are simply not ready for the new GDPR rules.

“The new GDPR law is very comprehensive, and probably also more comprehensive than most people have realised. I fear that many companies will still be in for a nasty surprise, even if they think they are prepared for GDPR” Ali Cevik says.

The ugly surprise can also come in the form of dissatisfied users. According to the Veritas survey, eight percent of consumers will consider taking advantage of opportunities to take revenge on companies they feel have treated them poorly.

“Basically, companies must modify their systems, so that it is possible to populate all the necessary information with one click. It will be a big task if this needs to be done manually. And if many users approach a company at once, this would be almost impossible to do manually,” Ali Cevik explains and continues:

“In the worst case scenario, a business could be hit by a campaign on social media with thousands of customers suddenly asking for information. If the company is unable to deliver within 14 days, as prescribed by the rules, they risk one of the large fines. For some companies, a fine of that size could even result in closure.”

The Personal Data Regulation comes into effect on May 25, 2018

En computer chip med det danske flag som er omgivet af eu i bytes

Denmark Takes the Lead in EU’s Digital Revolution

Denmark Takes the Lead in EU’s Digital Revolution 1200 628 HR-ON

Cloud services, artificial intelligence, high digitalization. Denmark is ready to take the next step into the digital age. 

No other country in the European Union is as far along with the digital revolution as Denmark. According to the latest figures from Eurostat, Danish companies are Europe’s most digitalised. Therefore, it is also predicted that Denmark could become the springboard for the revolution in digital recruitment, says Ali Cevik, director of HR-ON.

“It is becoming more and more clear to people that digitalization is not about making things less human, but rather about being able to look each other in the eye when it makes sense and let the computers take care of routine and administrative tasks,” Ali Cevik says.

In the study, Denmark outperforms the average on all 12 parameters for the degree of digitalization.

Recording routine work

In the field of e-recruitment, the digital revolution assists by automating all tasks as much as possible, so that the manual work is largely limited to writing a job post and taking the job interviews.

Everything from distribution of job postings to portals and social media, invitations to interview and even signature of the digital contract is handled with a click of the mouse and a check-mark.

Denmark is twice as far as the EU

Eurostat figures show that 42 percent of Danish Companies have a high or very high level of digitalization. Denmark is thus in front of both Finland and Norway, which are at 42 and 35 percent respectively.

At the other end of the scale, we have countries like Bulgaria and Romania which are both at 12 percent. Countries like France and the UK are also below average, both around 17 percent, while the EU average is 21. This means that Denmark is twice as far into the digital transformation compared to other countries in the EU.

Social Media becomes the engine of the future

The next step in digital recruitment is the transition from job portals to social media. Just as recruitment has moved on from printed job adverts to digital job portals, advertising is shifting from job portals to social media.

The advantage on social media is that companies no longer rely on candidates to actively search for the ads themselves. On social media, the ads can target suitable candidates, who then receive these ads on their feed. Even if they might not be active jobseekers. 

“Social media and especially LinkedIn will play a vital role in the future. In the future, companies no longer need to rely on the candidates to find the ads themselves,” says Ali Cevik.

Almost half use SoMe

Statistics Denmark does not yet have the figures for 2018, but already in 2017, 44 percent of companies had used social media for recruitment. At the same time, 68 percent of companies had an active profile on at least one social media site. This was an increase of 19 percent over the previous three years. 

These statistics also show that 61 percent of companies have had difficulties recruiting IT specialists. The year before, the figure was at 51 percent. The problem of recruiting IT specialists is highest in small businesses. 

Artificial intelligence begins to play a role

According to Statistics Denmark, 54 percent of companies now use advanced technology, including artificial intelligence, robots, satellite services and the like. In this context, advanced technology is defined by some criteria set by Statistics Denmark. Internet and computers that were once also advanced, but which today are used by almost everyone, are not counted. 

Artificial intelligence is particularly relevant to the future of recruitment. Only five percent of companies use artificial intelligence, and that number has not risen from 2017 to 2018. Only in the information and communications industry has Statistics Denmark been able to find an increase from 13 to 18 percent. 

Half of Denmark is ready for the cloud

Almost half of all Danish companies are using cloud computing services – an increase of 13 percent over the previous three years. 

“There is a wide range of benefits to businesses of using cloud services. They can be accessed anywhere, and companies do not have to maintain servers or anything else. They can simply focus on their core business,” Ali Cevik says.

In the EU, Denmark is surpassed only by Sweden and Finland, which are significantly lower than the EU average of 21 percent, with a full 57 percent of companies benefiting from cloud computing.

GDPR billede og polske frimærker

Eight Million Euros on Postage

Eight Million Euros on Postage 1200 628 HR-ON

Bisnode to cough up eight million euros on postage due to GDPR breach – which is 36 times more than the fine!

220,000 euro fine for the Danish company Bisnode due to violations of the GDPR rules in Poland.

Apart from being the first fine of its kind in Poland, it is not in itself particularly startling. What is remarkable is that the company is required to inform the six million people whose data was affected, with an old-fashioned letter in the post, according to TechCrunch.

According to the company, the request, made by the Polish Data Protection Authority, will incur an expense of eight million euros for postage alone. Not to mention the other costs involved in sending out the many letters. 

The crime committed by Bisnode in Poland is that they have collected data from publicly available sources without informing the people who this data belongs to. An action that is contrary to Article 14 of the European Personal Data Regulation. The company has been given three months to inform the people affected.

According to TechCrunch, who refer to Polish media, Bisnode is to take the decision to court. First, to the Polish judicial system and, if necessary, all the way to the top of the European Court of Justice. They will challenge Article 14 on exactly how much can reasonably be imposed on companies in the duty to provide information. Article 14 has exceptions that speak of proportionality or impossibility. The question is whether those exceptions can come into play here.

“The decision is seen as very radical, as it interprets Article 14 very literally,” IT security expert Lucasz Olejnik told TechCrunch. According to him, the Polish Data Protection Authority has taken a very principled decision in this case:

“They argue that the business model is based on data harvesting and that the company has made an active decision. They also argue that the company was aware of the obligation, since they did contact some of the individuals involved.”

It is not illegal to collect data from publicly available sources. However, you have a duty to inform people about the purpose for its use, among other things. In this case, Bisnode has collected data on entrepreneurs and business owners. They only had email addresses for a very small amount of them.

The majority – 5.7 million people – never heard a word

Bisnode has commented on the Polish website that they consider it unrealistic to have to contact 5.7 million people by mail or telephone. They also believe that a general output of information, for example a newspaper ad, would be preferable to both the sender and the recipient.

In addition to informing roughly 90,000 people that Bisnode had deleted their data, Bisnode made a post on their website. The Polish Data Protection Authority have clearly rejected this public post saying it is insufficient. Their reasoning is that not all people would find it.

In addition, of the 90,000 informed, 12,000 chose to say no. TechCrunch has attempted to get a comment from Bisnode on the matter.

For HR-Skyen (now HR-ON), GDPR cases are always relevant. When it comes to recruitment, companies cannot get around GDPR. Job applications contain a wide range of personal information that falls under the rules.

By using the system provided by HR-ON, companies can ensure that the information is always processed in accordance with the GDPR rules. This means, among other things, that companies will always be able to document how data is processed.

System

Despite the recent Facebook case, consumers are still not aware of their rights

Despite the recent Facebook case, consumers are still not aware of their rights 5472 3648 HR-ON

The EU is on the verge of change regarding customer rights. It is important that consumers are aware of this – especially after the large data leaks recently reported in the news, says HR-ON.

HR-ON have investigated consumer relations with GDPR.

There was recently a significant case in the news. A company, called Cambridge Analytica, managed to access up to 87 million Facebook users’ private information. This case shows that there is a need for an increased focus on personal data security. However few consumers are aware that the European Union is undergoing a very comprehensive change in regulation that will give them a whole range of new rights. This is shown in a study made by A&B Analysis on behalf of HR-ON. It is contradictory, says HR-ON’s director, Ali Cevik, as a comment on the current situation. The EU’s General Data Protection Regulations comes into force on 25th May this year. 

The rules are designed to hit the big ones such as Google and Facebook, so they cannot just use people’s data in a way that consumers cannot see, and then it’s startling that so few have heard of GDPR,” explains Ali Cevik.

The survey shows that even though seven out of ten Danes have felt insecure about providing information online, only one in three have heard of GDPR. The new rules should make everything clear to consumers. The new GDPR rules will allow them to know what information companies have and also how they use it. At the same time, the rules ensure that companies only store genuinely relevant information and that consumers are able to withdraw their commitment to sharing data as easily as they have given it.’

Everyone should be aware of their rights

“Everyone should know that they have the right to see what companies have registered about them and that they have the right to withdraw commitments again,” says Ali Cevik.

The new rules, and the fines associated with breaking the rules, are targeting companies, not consumers. If companies breach the new rules, they will risk fines of up to 150 million DKK. Previously, the maximum possible fine was 25,000 DKK. The consumers who are familiar with the new GDPR rules have most likely heard about it through their work rather than through public information.

“GDPR will have a major impact on our lives, and it applies to the whole of Europe. Our survey is the first of its kind, and it reveals that the authorities have done far too little to inform consumers about GDPR,” says Ali Cevik.

HR-ON helps customers to be GDPR-compliant

HR-ON works with GDPR in relation to corporate recruitment. Applicants come with a wide range of personal information that needs to be handled properly. In HR-ON’s market, a lack of knowledge could result in people not getting the right job, or companies not getting the best candidates. In general, insecurity and ignorance could mean that the entire digital world runs less smoothly than it could.

ali Cevik

“There is no doubt in my mind that insecurity and lack of knowledge about data security are linked. Therefore, consumers should also have been better informed about the rights they have and, above all, the rights they get with GDPR,” concludes Ali Cevik.

Header Image

Are Danish Companies Ready for GDPR? HR-ON has it mapped out

Are Danish Companies Ready for GDPR? HR-ON has it mapped out 1200 627 HR-ON

HR-ON has conducted a professional survey which reveals that most companies have not yet mastered the new GDPR rules. These rules come into force on 25th May.

In a month, EU’s large personal data regulation, GDPR, comes into force. By that time, all companies, not only in Denmark, but in the whole of the EU, will have to comply to a wide range of new rules. Failure to do so, will result in fines of up to 150 million DKK. Nevertheless, a survey among Danish business owners and managers shows that 35.6% of companies are not ready for the new GDPR rules. The survey was carried out by the recognised institute A&B Analysis, on behalf of HR-ON.

HR-ON’s recruitment tool handles thousands of applications every year for the company’s customers. Therefore, HR-ON has been working with GDPR for over a year, to ensure that users of the recruitment system comply with the new personal data regulations.

“The new rules will fundamentally change the way companies work. For example, if companies do not change the way information is sent around in mail, they will be working illegally, and this will already be the case from next month,” Ali Cevik, director of HR-ON, says.

From the survey, the remaining 64% of the companies responding saying they feel either ‘fairly well prepared’ or ‘very well prepared’ for GDPR coming into effect.

Unaware of the new rules

The study also shows that roughly a third of companies simply do not know about the new rules. To be exact, 31.3% have not heard about the new EU personal data regulation, GDPR.

These days, with Facebook being grilled about their use of personal data, all companies should be thoroughly informed about the personal data rules. The fact that so few companies know about the new rules is very startling,” Ali Cevik says.

Only a fifth of companies in the survey responded saying they have a full understanding of GDPR. In addition, 38% say they have a reasonable understanding. Combined, this means that 58.2% of Danish business executives and owners feel they have some understanding, while the remainder have little or no understanding of the new rules their companies must follow from 25th May.

Lack of information

Business owners and managers believe that their lack of knowledge about the new EU personal data regulations, is in part due to the lack of public information available. Only about one in twenty say that they have been ‘very well informed’ about GDPR. With one in four saying that the public authorities have done a good enough job of informing people.

“When so many people feel that the authorities have not informed them well enough, it means by definition that they have not received sufficient information. It is problematic that there is no better information on such comprehensive rules,” Ali Cevik says. 

The survey shows that the business owners are slightly more informed about the new regulations than the business executives. 73% of owners have heard about GDPR, and only 66.2% of executives. Also, larger companies seem to be better informed. 74.8% of companies with more than 60 employees are well informed of GDPR, while only 63.5% of companies with fewer than five employees has this information.

We can also see that older business owners and managers seem to be better informed. Among business owners and managers under the age of 35, only about 56.3% know the rules, while in the 65+ age group, 80% is familiar with GDPR.

The survey was conducted in April and included 335 randomly selected business executives and owners (with a distribution of approximately two-thirds managers and one-third owners). Companies range from very small businesses to companies with over 100 employees. The latter represents 28.7% of the companies in the analysis. 

If you would like to read the entire survey, please fill out the form here and download it instantly.

No thanks, give me a demo right away so I don’t have to worry about GDPR and recruiting!

YES PLEASE, I WOULD LIKE TO RECEIVE THE GDPR INVESTIGATION DOWNLOAD.

* required









Header Image

HR-ON: 2018 Was Our Year !

HR-ON: 2018 Was Our Year ! 1200 729 HR-ON

2018 has been a groundbreaking year for HR-ON, in many ways. The company has, since its beginning in April 2012, built a still growing foundation. In 2018 the acceleration of growth has been particularly noticeable. The number of customers using the system doubled and the staff increased by 12. At the same time, the company has reached a number of important milestones. 

Three things in particular have characterised everyday life in the company; the introduction of GDPR, the start of a groundbreaking collaboration with LinkedIn and the launch of the new HR system, HR-ON staff.

2018 has been a fantastic year. Everything we have been doing since the beginning, has really begun to fall into place. We are a truly unique team of employees, and the success is all thanks to the team” ,says HR-ON’s director, Ali Cevik.

The many years of continuous growth were also reflected in a Gazelle prize from ‘Børsen’ (Denmark’s leading business magazine). 

2018 was the year of GDPR

The EU General Data Protection Regulation, GDPR, came into force on May 25, 2018. This had a huge impact on how companies can process the personal information that appears in people’s applications. HR-ON needed to adapt, so that customers could feel assured that they would not risk violating the rules.

“A survey we conducted showed that many companies were not ready for the new GDPR rules. Of course, we cannot get into every nook and cranny of your business, but it is important to us that our customers know that when it comes to recruiting and personnel management, they are in the clear,” Ali Cevik says.

The new GDPR rules have been a major challenge for many companies. But, with HR-ON, companies can be sure they stay within the lines when it comes to applications. The old-fashioned methods of sending emails across offices and printing documents left, right and centre, are simply not legal anymore.

First LinkedIn Partner in Denmark

In 2018, HR-ON was also the first Danish company to enter into an official partnership with LinkedIn.

The agreement with LinkedIn allows HR-ON’s customers to put their vacancies directly on LinkedIn. This way, the positions can be targeted to an unprecedented degree towards LinkedIn’s more than two million Danish users.

“There is, of course, a reason why LinkedIn chooses to collaborate with us, and so we are proud of the partnership. However, the most important thing is of course the benefit it brings to our customers,” says Ali Cevik.

Manage staff from the cloud

Since the beginning, HR-ON has been a recruitment system. However, it has long been clear that the next natural development step was to expand to a broader, complete HR system. 

“Several customers were asking for an HR system that is as easy to use as our recruiting solution, and they made themselves available to develop it with us. This is why together we have made HR-ON Staff, which handles the staff administration from the first day of work, all the way until the employee leaves the company again,” says Ali Cevik.

HR-ON Staff provides a complete overview of from master data and on- / off-boarding, to anything else which falls under staff administration. On top of that, HR-ON Staff is also GDPR-secured for businesses.

“We are now looking forward to new exciting challenges in 2019. Major plans for next year include; getting HR-ON Staff out on the market and sharing the benefits of our LinkedIn partnership with even more customers. And of course we plan to help even more new customers to get a handle on GDPR in relation to their recruitment, by introducing and installing our recruitment system,” Ali Cevik concludes.

Does Soccer Trump Sex?

Does Soccer Trump Sex? 1200 628 HR-ON

In the upcoming years, HR and recruitment related work will undergo a major change, where machine learning and AI will increasingly become key tools for the HR employee and the recruiter.

This development creates simultaneously some great opportunities and some worrisome scenarios that will need to be addressed from this moment on.

In this post, I would like to address some of the perspectives one can/should take in relation to data-driven recruitment and HR. I will focus specifically on recruitment.

When collecting large amounts of data, it is natural to use the data to learn. The first step is to create statistics based on the collected data. The statistics tell us something about the past and provide answers only to the questions asked, if that.

The next step is the work on machine-learning, where one trains algorithms to find patterns in data, which one may not be aware of. It could be to identify various trends or to see connections that may not come to mind otherwise.

However, the fact that there is a connection, a correlation between different types of data, does not necessarily mean that there is also causality – that is causal relation.

Machine-learning can provide a basis for making future analyses and is therefore not limited to looking back at the past, like statistics.

Let’s talk a bit about data

When working with data, it is important to be clear that data does not necessarily say anything about reality or contain any truth. Data may be contaminated in many ways, and the way in which we put together the data may prove to be wrong and could ultimately have disastrous consequences.

It recently emerged that the data used in legal proceedings for the last 7 years may be faulty . Specifically, this means that people guilty of committing a crime may have gone free, and worse, that innocent people have been convicted by Danish courts. The Danish authorities are now beginning the huge task of reviewing thousands of cases. And the people effected by this scandal must now try and piece together their lives, which were destroyed along the way.

I recently attended an HR conference where a presenter told an immersive story about a football fan who had seen a very exciting match on television. And later the same night, he was with his girlfriend in more intimate conditions.

He was wearing a pulse-watch, and the data from this watch subsequently showed that his pulse had been faster during the soccer match, which was interpreted as him being more engaged in football than in intimate relations. In other words: Football trumps sex.

However, this may have just been a misinterpretation, because had the clock also measured the level of neurotransmitters in the brain, the conclusion might have been quite different. And furthermore, you could ask him yourself and perhaps get a third answer.

One must therefore constantly be critical of one’s data and how to use it.

Practical use in recruitment

When recruiting, you are of course interested in finding the right candidate and in that process, you collect as much data and knowledge about the candidate as possible. There’s nothing wrong with that.

However, the more data you collect about a candidate, the greater the requirements it puts on the recruiter’s professional as well as ethical, social and empathetic skills.

One must be able to sort data and also to reject data that is interesting enough but not necessarily relevant in the specific context. At the same time, one must be able to take a critical view of the data used and pay attention to deficiencies and sources of error.

The fact remains that nothing can replace a personal meeting between people. In fact, the more data you have access to, the more important the personal meeting becomes.

And if the personal meeting with the candidate experiences a mismatch between what has been seen in his data and what the candidate produces, then first, you have to be critical of your data and method.

It could be said that the most important thing is that the recruiter’s level of competence must match the amount of data. The more data, the higher the level of compatibility required. And having more data it ideal because it will lead to a much more qualitative recruitment and greater likelihood of a good match for the benefit of both employees and companies.

The above, of course, takes its starting point in a humanist perspective and a desire on my part for an increased focus on the human factor during a data-driven time.

Something I personally think is becoming increasingly important as machines take over more and more of our tasks, and a wish I am not alone with, is one of the core areas of GDPR, where a part of automatic profiling has been made.

The only question left to answer is: does soccer really trump sex?

Christian Hansen

CTO, HR-ON.

Banner image

How the general data protection regulation changes recruitment and job adverts

How the general data protection regulation changes recruitment and job adverts 1200 628 HR-ON

The new General Data Protection Regulation (GDPR) will change the way we advertise jobs and recruitment in general. Get ahead in your recruitment efforts with some more information.

Article updated in May 2018.

The General Data Protection Regulation is changing the way companies recruit – this is generally good, but it will increase the complexity of online recruitment for some companies.

In this article, we will focus on what you need to ask in your job postings and what data you must collect from potential candidates in the future when the new Personal Data Regulation enters into force at the end of this week, on May 25, 2018.

You will find answers to the following questions regarding online recruitment:

  • What kind of data will be allowed in recruitment?
  • What are you allowed to ask your candidates according to GDPR?
  • What you should be able to document for data protection?
  • How to avoid unwanted information?

WHAT DOES THE NEW GENERAL DATA PROTECTION REGULATION ALLOW?

In reality, there is not a big difference in the kind of data you are allowed to collect before and after the General Data Protection Regulation. The key difference is in your documentation and in the processing of data.

Therefore, you can expect some extra work in the processes before and after the collection of data. For example, it is necessary to argue the reason behind the collection of certain kinds of data in connection with recruitment.

Therefore, as a recruitment officer, you need to cast a critical look at the data you collect about your candidates.

A CRITICAL EYE FOR YOUR VACANCIES

Not all the knowledge and data you collect is relevant to evaluate the best candidate for a specific job vacancy.

With the new Personal Data Regulation you need to look at the application form(s) you use and answer the following questions:

  • Are all questions relevant to find the right candidate?
  • Do you collect sensitive information?
  • Have you documented your assessment and positioning of the above?

When the General Data Protection Regulation comes into force on Friday, it is important, that you have thought about and implemented these questions in your recruitment routine, so your online recruitment process meets the requirements of GDPR.

Try the risk assessment tool provided by HR-ON.

IMPORTANT KNOWLEDGE OR INDIFFERENT INFORMATION?

To start with the first question, it is important that you do not have unnecessary questions on your application form.

Is it still relevant to know your applicant’s place of residence, or is it a superfluous information that can be substituted with the candidate’s general zip-code, to know if they live nearby? Most people already communicate by phone or e-mail, so you probably do not need to send a letter to any of your candidates via mail.

Place of residence is, therefore, in most cases, an example of unnecessary information from your applicants.

When the General Data Protection Regulation comes into force on May 25th, it is important that you expound the information and data, that you gather from candidates. The Data Protection Agency will be critical to both redundant and useless data collection from candidates, which can be at risk – especially if there is sensitive information among them.

Which leads us to the next important point.

WHAT KINDS OF DATA DOES THE GDPR ALLOW YOU TO COLLECT AND STORE?

In the European Regulation, it is distinguished between two kinds of personal data: general information and sensitive information.

The level of data security and documentation depends on the type of data you want to collect. Especially your measures in case of data breaches and leaks.

Examples of the two different kinds of personal data can be seen in the table:

General information Sensitive information
  • Name
  • Address
  • E-mail
  • Prior offenses
  • Passport, drivers license etc.
  • Journal number
  • Racial or ethnic background
  • Political, religious or philosophical beliefs
  • Professional memberships
  • Health as well as sexual relations or orientation
  • Social security number (Has a grade outside of scale)

If you only want to collect just general information, it makes sense to obtain a so-called ISO 27001 certification.

You can read about ISO 27001 certification here.

As a general rule, you should only collect common information, as sensitive information has much higher information security requirements.

GDPR REQUIRES DOCUMENTATION

One of the most important points in the new General Personal Data Regulation, in relation to your recruitment and job creation, is documentation.

In order to be GDPR-compliant with your questions in the job posting, it is important that you not only have a critical look at the data and questions you ask your applicants – you must also prove that you have been critical of them.

In practice, this means, that you will need a handbook or documented guidelines for questions in vacancies that you can refer to if the Personal Data Agency comes knocking at the door.

For many recruitment officers, it will therefore make sense to use standardized questions in job vacancies to avoid documentation and argumentation for data collection in all job listings and posts.

HOW DO I AVOID SENSITIVE INFORMATION?

Now you know, what you are allowed to ask your candidates and how to document your recruitment process.

But your applicants can still send you sensitive information through mail or your recruitment system – and that can actually become a problem for you. According to the General Data Protection Regulation, you are still obliged to take measures to ensure that you do not receive sensitive information from people.

In the vast majority of cases, it will probably be enough to point out, that you do not want to receive your applicants’ social security number, health history, information about political or religious beliefs and other sensitive information.

In other cases it’s hard to get rid of them; for example on exam papers, which almost always have the social security number printed on them.

But since HR-ON has as its declared purpose to make recruitment easier, we have implemented technical solutions that can automatically sort out much of the sensitive information.

Read about the future of e-recruitment here get a demo before the GDPR is coming into force on May 25, 2018.

Banner image

Social media and GDPR: What will change?

Social media and GDPR: What will change? 1200 628 HR-ON

May is approaching, and the worries related to the GDPR (General Data Protection Regulation) are increasing as well. The date is fixed and the purpose is clear: this regulation will protect our personal data as any other law before.

So far, we know that GDPR will touch every aspect of our life, from the private to the professional ones. For example, the data that we will include in our CV will be protected by cloud-based systems, where the companies will be able to store every CV and cover letter received without storing personal data on their computers.

But what about the huge amount of data that we use when we are browsing our favorite social media? What about Facebook?

Facebook vs GDPR

Well, the group of Menlo Park didn’t want to be left behind and in order to be fully GDPR-compliant, will let the users manage their own data to protect their privacy. In the privacy section of your own profile, you can already read about their efforts to do so:

“The information you share on Facebook remains your property. This means that you decide what to share and with whom you share it on Facebook and you can even change your mind. That’s why we provide you with the tools to eliminate anything you have published. We remove deleted content from your diary and our servers. In addition, you can also delete your account at any time.”

They will be finally able to check who can see their content and the reactions to the posts. They will have the possibility to manage their tag on the posts and much more, in an easier and clearer way.

Moreover, the social media will let its privacy principle be public, in a surprising move of transparency. In the aftermath, pushed by the coming into force of the GDPR, Facebook will let the users know, how their data will be used. This will be possible thanks to a new control center, but it might result in some alterations in the way Facebook users will navigate the social media platform.

Less time on the newsfeed

In fact, Zuckerberg affirmed that this new strategy will probably decrease the amount of time spent on the platform. But this will be probably the best decision for its brand: more transparency, more trust gained from the user perspective and a full compliance with the new European rule that is altering the whole world.

It is already possible to check the privacy principles of Facebook on this blog post.

 

And you? Which changes are you doing for your company?

Fill out the information and we will contact you as soon as possible.

FÅ EN GRATIS DEMO

Lad os ringe dig op og aftale en uforpligtende demonstration.

HR-ON Logo
OM HR-ON

HR-ON er en cloudbaseret programpakke, der gør jeres HR-arbejde lettere, sjovere og ikke mindst meget mere effektivt. Kort fortalt får I styr på hvem, der skal gøre hvad og hvornår. Samtidig har I overblik over, at det rent faktisk også bliver gjort.

Børsens Gazelle pris 2018
Charter mangfoldighed
ISA

Østre Stationsvej 27, 3   //  DK-5000 Odense C   //  +45 71 99 07 27   // sales@hr-on.com //  CVR: 34474540