Taking effect on 25 May 2018, the GDPR is the new framework for data protection laws in Europe. Due to increasingly technologically driven and globalised data communications, the GDPR readdresses personal data transfers for EU citizens to ensure greater data control and security, within and outside the EU.
Data and Graduate Recruitment Bureau
GRB, which includes our subsidiary companies Cortex Recruitment, Metrica Recruitment, Quota Recruitment, Graduate Recruiters Network and Graduate Mentor, take data privacy and security seriously. We have carefully complied with the Data Protection Directive 1995 and Data Protection Act 1998, have strong data security measures in place, and have never sold or exchanged jobseeker or client data. GRB are now committed to meeting the requirements of the GDPR to further strengthen our data processing and user control of data.
Compliance with the GDPR
As part of our meeting the standards of the GDPR, the following are examples of areas of compliance that will take effect by 25 May 2018:
This will be easily accessible via our websites, outlining how data is collected and processed in line with the GDPR.
Right to be Forgotten
Users will more easily be able to request deletion of data via email and online request forms, including the full deletion of user accounts.
Opt-Ins and Subscription Management
Users will more easily be able to request access to data and edit their subscription choices via email and online request forms.
GRB will only use data processors who meet GDPR requirements. The companies and their GDPR statements will be made accessible, with details of how they process data on behalf of GRB.
Our data security is being reviewed and further improved. Examples of measures being taken include implementing regular internal password changes, increasing the complexity of passwords, limiting access of internal data to identified relevant staff, and providing further data security training.
Retention of Data
Measures are being put in place to identify how long data is necessary to retain, and for deletion of data that is no longer reasonable to retain.
Data Protection Officer
A Data Protection Officer will be appointed.