The Adapt system has functionality to assist new and existing customers (the data controllers) with their internal General Data Protection Regulation processes.
We have reviewed the guidance from the ICO on the legislation https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/. to put some key functionality into place.
Agencies need to review all parts of the legislation to be confident as a business, they have processes in place to be compliant, should they be audited.
Agencies should fully assess all the personal data they are holding, and decide which lawful basis they should be using for data processing. Resources in place on the ICO website include:
- Lawful Basis for processing personal data: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/
- Controllers Checklist: https://ico.org.uk/for-organisations/resources-and-support/data-protection-self-assessment/.
- FAQs and the Lawful basis Interactive tool can be found here: https://ico.org.uk/for-organisations/resources-and-support/getting-ready-for-the-gdpr-resources/. This will help Agencies to establish their basis for processing data e.g. Legitimate Interest, Consent etc.
We do not advocate any particular lawful basis for data processing of Personal Data as provided for in the GDPR, but have put functionality in place for Recruitment Agencies to track either the Consent or the Legitimate Interest bases,
alongside their own internal processes. The Adapt system also has functionality for Agencies to uphold an Individual’s rights.
When appropriate we should remind our clients that as with all communications with clients, our communications are for “informational purposes only” and no legal or compliance advice or guarantee is intended with respect to any laws or regulations, including but not limited to the GDPR. The clients must base its processes, guidelines and decisions on their own policies, procedures and independent decisions. We strongly recommend that client consult with its own legal counsel familiar with customer’s legal requirements and legal/regulatory obligations related to legal and regulatory compliance. In no event whatsoever will we be liable to clients for the results of any of client’s decisions made with respect to the use of the software or service.
“Data Processor” means either Bond International Software (UK) Limited or Bond International Software, Inc., as the case may be , each via the Adapt branded software
“Data Controller” – the Agency
“Individual” – means Candidate or Contact as the principles of GDPR apply to both. A Contact's work email address, or private contact number etc, are still considered to be their personal data.
“Personal Data” means any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier. This definition provides for a wide range of personal identifiers to constitute personal data, including name, identification number, location data or online identifier, reflecting changes in technology and the way organisations collect information about people.
“Sensitive Data” means “special categories of personal data” such as genetic data, biometric data where processed to uniquely identify an individual, and the procession of criminal convictions and offences. The Adapt Software does not process Sensitive Data and we discourage our clients from attempting to store Sensitive Data in their production instance.