GDPR

Does Soccer Trump Sex?

In the upcoming years, HR and recruitment related work will undergo a major change, where machine learning and AI will increasingly become key tools for the HR employee and the recruiter.

At the same time, this development creates some great opportunities and worrisome scenarios that need to be addressed from this moment on.

In this post, I would like to address some of the perspectives one can and should take when reflecting on data-driven recruitment and HR. I will focus especially on recruitment.

When collecting large amounts of data, it is natural to use said data to learn. The first step is to create statistics based on the collected data. Statistics say something about the past, but at the same time, they provide answers only to the questions asked. And maybe not even that.

The next step is the work on machine-learning, where one trains algorithms to find patterns in data, which one may not be aware of. It could be to identify various trends or see connections that may not come to mind.

However, the fact that there is a connection – a correlation between different types of data – does not necessarily mean that there is also causality, that is, a causal relation. Machine learning can provide a basis for making analyses of the future and not just looking at the past, as statistics allow.

A little about data

When working with data, it is important to be clear that data does not necessarily say anything about reality or contain any truth. Data may be contaminated in many ways, and our way of putting data together may prove to be fundamentally wrong and ultimately have disastrous consequences.

Recently, it emerged that the data used in legal proceedings for the last 7 years may be faulty. Specifically, it means that guilty people may have gone free and, worse, that innocent people have been convicted by Danish courts. The Danish authorities face a huge effort to review thousands of cases in the coming years. And people are left to pick up the pieces of lives that have been destroyed along the way.

On a more curious note, I recently attended an HR conference where a presenter told an immersive story about a football fan who had seen a very exciting match on television. Later, he was with his girlfriend in more intimate circumstances.

His pulse watch subsequently showed that his pulse had peaked during the soccer match, which was interpreted as him being more engaged in football than in intimate relations. In other words: Football trumps sex.

But it may just be a fallacy, because had the watch also measured the level of neurotransmitters in the brain, the conclusion might have been quite different. And furthermore, you could ask the people involved yourself and perhaps get a third answer.

One must therefore constantly be critical of one’s data and how to use it.

Practical use in recruitment

When recruiting, you are of course interested in finding the right candidate, and in that process you collect as much data and knowledge about the candidate as possible. There’s nothing wrong with that.

However, the more data you collect about a candidate, the greater the demands it places on the recruiter’s professional as well as ethical, social and empathetic skills.

One must be able to sort through data and reject data that is otherwise exciting enough, but not necessarily relevant in the specific context. At the same time, one must be able to take a critical view of the data used and pay attention to deficiencies and sources of error.

The fact remains that nothing can replace the personal meeting between people. In fact, the more data you have access to, the more important and crucial the personal meeting becomes.

And if the personal meeting reveals a mismatch between what has been seen in the candidate’s data and what the candidate presents, then first of all, you have to be critical of your data and method.

To put it pointedly, one can say that the recruiter’s level of competence must match the amount of data. The more data, the higher the level of competence required. But at the same time, it is a gift, because ideally it will lead to much higher-quality recruitment and a greater likelihood of a good match, for the benefit of both employees and companies.

The above, of course, takes its starting point in a humanist perspective and a desire on my part for an increased focus on the human factor during a data-driven time.

This is something I personally think is becoming increasingly important as machines increasingly take over tasks from us. It is also a wish I am not alone in having: it is one of the core areas of the GDPR, which makes a great deal out of automated profiling.

Only one question remains: does football really trump sex?

Christian Hansen
CTO, HR-ON.

How the general data protection regulation changes recruitment and job adverts

The new General Data Protection Regulation (GDPR) will change the way we advertise jobs and recruit in general. Get ahead in your recruitment efforts with some more information.

Article updated in May 2018.

The General Data Protection Regulation is changing the way companies recruit – this is generally good, but it will increase the complexity of online recruitment for some companies.

In this article, we will focus on what you need to ask in your job postings and what data you must collect from potential candidates in the future when the new Personal Data Regulation enters into force at the end of this week, on May 25, 2018.

You will find answers to the following questions regarding online recruitment:

  • What kind of data will be allowed in recruitment?
  • What are you allowed to ask your candidates according to GDPR?
  • What should you be able to document for data protection?
  • How to avoid unwanted information?

WHAT DOES THE NEW GENERAL DATA PROTECTION REGULATION ALLOW?

In reality, there is not a big difference in the kind of data you are allowed to collect before and after the General Data Protection Regulation. The key difference is in your documentation and in the processing of data.

Therefore, you can expect some extra work in the processes before and after the collection of data. For example, it is necessary to justify the collection of certain kinds of data in connection with recruitment.

Therefore, as a recruitment officer, you need to cast a critical look at the data you collect about your candidates.

A CRITICAL EYE FOR YOUR VACANCIES

Not all the knowledge and data you collect is relevant for evaluating the best candidate for a specific job vacancy.

With the new Personal Data Regulation you need to look at the application form(s) you use and answer the following questions:

  • Are all questions relevant to finding the right candidate?
  • Do you collect sensitive information?
  • Have you documented your assessment of and position on the above?

When the General Data Protection Regulation comes into force on Friday, it is important that you have thought about these questions and implemented them in your recruitment routine, so your online recruitment process meets the requirements of GDPR.

Try the risk assessment tool provided by HR-ON.

IMPORTANT KNOWLEDGE OR INDIFFERENT INFORMATION?

To start with the first question, it is important that you do not have unnecessary questions on your application form.

Is it still relevant to know your applicant’s place of residence, or is it superfluous information that can be substituted with the candidate’s general zip code, to know if they live nearby? Most people already communicate by phone or e-mail, so you probably do not need to send a letter to any of your candidates by mail.

Place of residence is, therefore, in most cases, an example of unnecessary information from your applicants.

When the General Data Protection Regulation comes into force on May 25th, it is important that you can account for the information and data that you gather from candidates. The Data Protection Agency will be critical of both redundant and useless data collected from candidates, which can be at risk – especially if there is sensitive information among it.

Which leads us to the next important point.

WHAT KINDS OF DATA DOES THE GDPR ALLOW YOU TO COLLECT AND STORE?

In the European Regulation, a distinction is made between two kinds of personal data: general information and sensitive information.

The level of data security and documentation depends on the type of data you want to collect, especially your measures in case of data breaches and leaks.

Examples of the two different kinds of personal data can be seen in the table:

General information:

  • Name
  • Address
  • E-mail
  • Prior offenses
  • Passport, driver’s license etc.
  • Journal number

Sensitive information:

  • Racial or ethnic background
  • Political, religious or philosophical beliefs
  • Professional memberships
  • Health as well as sexual relations or orientation
  • Social security number (Has a grade outside of scale)

If you only want to collect general information, it makes sense to obtain a so-called ISO 27001 certification.

You can read about ISO 27001 certification here.

As a general rule, you should only collect general information, as sensitive information has much higher information security requirements.

GDPR REQUIRES DOCUMENTATION

One of the most important points in the new General Personal Data Regulation, in relation to your recruitment and job creation, is documentation.

In order to be GDPR-compliant with your questions in the job posting, it is important that you not only have a critical look at the data and questions you ask your applicants – you must also prove that you have been critical of them.

In practice, this means that you will need a handbook or documented guidelines for questions in vacancies that you can refer to if the Personal Data Agency comes knocking at the door.

For many recruitment officers, it will therefore make sense to use standardized questions in job vacancies, to avoid having to document and justify the data collection separately for every job listing and post.

HOW DO I AVOID SENSITIVE INFORMATION?

Now you know what you are allowed to ask your candidates and how to document your recruitment process.

But your applicants can still send you sensitive information through mail or your recruitment system – and that can actually become a problem for you. According to the General Data Protection Regulation, you are still obliged to take measures to ensure that you do not receive sensitive information from people.

In the vast majority of cases, it will probably be enough to point out that you do not want to receive your applicants’ social security number, health history, information about political or religious beliefs and other sensitive information.

In other cases it is hard to get rid of; for example on exam papers, which almost always have the social security number printed on them.

But since HR-ON has as its declared purpose to make recruitment easier, we have implemented technical solutions that can automatically sort out much of the sensitive information.

Read about the future of e-recruitment here, and get a demo before the GDPR comes into force on May 25, 2018.

Social media and GDPR: What will change?

May is approaching, and the worries related to the GDPR (General Data Protection Regulation) are increasing as well. The date is fixed and the purpose is clear: this regulation will protect our personal data like no other law before.

So far, we know that GDPR will touch every aspect of our lives, from the private to the professional. For example, the data that we include in our CVs will be protected by cloud-based systems, where companies will be able to store every CV and cover letter received without storing personal data on their own computers.

But what about the huge amount of data that we use when we are browsing our favorite social media? What about Facebook?

Facebook vs GDPR

Well, the Menlo Park company didn’t want to be left behind and, in order to be fully GDPR-compliant, will let users manage their own data to protect their privacy. In the privacy section of your own profile, you can already read about their efforts to do so:

“The information you share on Facebook remains your property. This means that you decide what to share and with whom you share it on Facebook and you can even change your mind. That’s why we provide you with the tools to eliminate anything you have published. We remove deleted content from your diary and our servers. In addition, you can also delete your account at any time.”

Users will finally be able to check who can see their content and the reactions to their posts. They will be able to manage their tags on posts and much more, in an easier and clearer way.

Moreover, the social network will make its privacy principles public, in a surprising move of transparency. Prompted by the GDPR coming into force, Facebook will subsequently let users know how their data will be used. This will be possible thanks to a new control center, but it might result in some changes in the way Facebook users navigate the social media platform.

Less time on the newsfeed

In fact, Zuckerberg affirmed that this new strategy will probably decrease the amount of time spent on the platform. But this will probably be the best decision for the brand: more transparency, more trust gained from users, and full compliance with the new European rule that is altering the whole world.

It is already possible to check the privacy principles of Facebook on this blog post.

 

And you? What changes are you making in your company?

France Fines Google $57 Million For GDPR Violations

Bon appétit. The French data protection authority, the Commission nationale de l’informatique et des libertés (CNIL), has issued a $57 million fine to Google for breaching the European General Data Protection Regulation (GDPR).

The fine arises from complaints from the groups None Of Your Business (NOYB) and La Quadrature du Net, backed by 10,000 Frenchmen. The groups filed the complaints against Google for not having consent to use personal data from users, particularly for targeted ads.

The complaints were registered on the 25th and 28th of May respectively, coinciding with the GDPR coming into force. The fine is issued based on two breaches of the GDPR: firstly, the lack of transparency and information towards users, and secondly, that users have not had enough access to see how Google used their data in connection with advertising.

In addition, CNIL decided that Google does not have a legal basis for targeting advertising at users, which is a cornerstone of Google’s entire business.

According to the CNIL, the size of the fine and its publication are justified by the severity of the infringements in relation to three of the basic principles of the GDPR: transparency, information and consent. The CNIL also emphasizes that these are ongoing, extensive infringements and not individual incidents.

Google has since responded to the $57 million fine by challenging the penalty, arguing that the process is “as transparent and straightforward as possible.”

Only time will tell how Google and, inevitably, other big players will respond to allegations of data breaches and who will win out in the end.

Santa Claus gets caught in the GDPR trap!

Santa Claus has gotten into big trouble, and it isn’t because of a red-nosed reindeer…

In fact, Santa has found himself in big trouble with the GDPR police. A spokesman from the EU states that it was the lines “He’s making a list / He’s checking it twice; / He’s gonna find out who’s naughty or nice / Santa Claus is coming to town” that drew attention to Santa’s seemingly illegal practices related to personal data.

Articles 8, 9 and 10 of the GDPR appear to have been violated. For example, there is a lot of ambiguity as to whether Santa Claus has obtained explicit consent from the parents of the users, who are often children under the age of 16.

Santa Claus is now awaiting the next step from the EU and stresses that children from all over the continent are in danger of not getting Christmas gifts this year! In the EU, the situation is being taken seriously, and the panel is therefore working to incorporate a special Santa Claus clause into the Personal Data Regulation, a so-called “Santa Clause”, which will allow Santa Claus to continue his business on the European continent without breaking GDPR.

At the same time, the case has generated a lot of discussion among Santa’s elves, and in order to avoid problems in the future, the chief elf has decided that they will use HR-ON’s recruitment system to handle incoming Christmas gift applications and the applicants’ data.

Don’t worry boys and girls, we welcome Santa Claus here at HR-ON and know just how to help him be GDPR compliant in the future!

 

Cracking down on GDPR culprits

Let the GDPR penalties begin

In many places in Europe, penalties and large fines are already being imposed for breaches of personal data laws.

There is hardly any way of avoiding the fact that on 25 May this year, the EU introduced the long-awaited General Data Protection Regulation (GDPR). Needless to say, not all companies have lived up to the strict rules, so the authorities have started to crack down on the sinners.

Computerworld writes that the German Data Protection Authority has issued the first fine under the new rules. It is the big German dating site Knuddels.de that has to pay 20,000 euros, after the company was hit by a hacker attack.

The attack resulted in the hackers, among other things, being able to steal 330,000 users’ passwords and email addresses. Although Knuddels.de was itself the victim of a crime, the digital burglary revealed that the passwords were stored as unencrypted text.

According to Computerworld, the German Computer Inspectorate states that Knuddels.de has been cooperative in getting its data security in order, and that the fine could have been much higher.

Personal messages to psychologists

In Denmark, the Danish Data Protection Agency has, according to DR, just reported the therapy portal GoMentor.

It was the user Ann Pettersson who originally approached the Data Inspectorate. She had contacted a psychologist at GoMentor for help with stress. Then, without a password, she was given access to read four other clients’ confidential communication with their practitioners.

– These were psychological problems of a sexual nature. There were psychological problems in relation to abuse, alcohol, drugs, childhood problems. Really difficult personal stories, says Ann Pettersson to DR.

She has apparently gained access to the correspondence because different types of users can be mixed together under certain circumstances.

GoMentor’s director, Troels Sletved, did not want to be interviewed about the case, but confirms in writing to DR that there has been a breach of personal data security.

He writes that they are very sorry that the breach happened, that they take their data responsibilities very seriously, and that they are in the process of ensuring that personal data is processed properly and confidentially.

GoMentor has initiated a major investigation with external consultants to solve the problems.

Uber paid hackers and didn’t tell anyone about it

Although the British are on their way out with Brexit, GDPR continues to apply to them. The British Data Inspectorate ICO has given the driving service Uber a fine of £ 385,000 equivalent to € 440 080 million for not having adequately protected its users’ data before a hacker attack. The hackers could therefore download data on 2.7 million UK customers including their full name, email and telephone number.

When Uber became aware of the attack, the company chose to pay the hackers $ 100,000 to destroy the stolen data rather than informing their customers about the big leak.

The hacker attack took place before the GDPR came into force, and Uber did not have any formal disclosure obligation at that time. However, the ICO does not conceal that the cover-up along with the payment to the criminals has influenced their decision.

In the Netherlands, Uber also just got a fine.

Hospital used false profiles

In Portugal too, the authorities have begun to crack down on GDPR breaches. In July, a hospital received a fine of € 400,000 for not having control over its personal data security.

The hospital staff had access to patient data through false profiles, and doctors had unlimited access to patient information beyond what was relevant to their expertise. The hospital defends itself by saying that they were only using the healthcare platform provided by the Portuguese Ministry of Health.
