GDPR Compliance for HireAbility.com
I offer my personal assurances that Hireability is fully compliant with GDPR in its intention, execution, and practice. – Stephen K. Kenda, CEO, HireAbility.com
What is GDPR?
The European Union (EU) General Data Protection Regulation (GDPR) is a set of industry regulation that became effective on May 25th 2018. The purpose of the legislation was to give EU citizens greater control over the data that they provide online. GDPR covers companies that are operating within the EU and for companies that offer services within the European Union electronically, that track / store personal data in aggregate.
What is the purpose of GDPR
With the expansion of the internet came the very real question of data ownership, and determining the rights and responsibilities of all persons residing within the EU in relation to their digital-selves. To this point the Parliament and Council of the European Union passed EU Reg. 2016/679. Originally introduced in 2016 and passed in 2018, it replaces the Data Protection Directive from 1998. It makes sweeping changes to the management of data.
How is HireAbility Compliant with GDPR?
GDPR separates data services into two broad categories. These two categories are data controllers and data processors. HireAbility is a data processor. Data processors, like our parsing service ALEX, process personal data on behalf of the controller. During the processing of data, a data controller makes an API call to our server via a SOAP or RESTful protocol. HireAbility, the Company, never actually even ‘sees’ the CV/resume or job posting. The data is sent to our Amazon web services (AWS) servers located in Virginia U.S. Our software does no storage of any documents sent to the AWS servers nor does it store the results of the parsing service (structured data in HR-XML or JSON format). All parsing happens by using a restricted token security protocol. The system resources are reclaimed by the server after each parsing transaction.
We store no personally identifiable information (PII), we sell no data to any third parties, and we do not access the PII (unless requested by the client for quality assurance testing). ALEX only stores certain non-personally identifiable information (non-PII) post-parsing. We aggregate non-personally identifiable information for ALEX’s machine learning purposes (e.g., skills, cities, etc.) Read more regarding our privacy policy and statement here.