Here's a reminder of the key principles.
Is it Legal?
You need a lawful basis to hold onto someone's data. People you deal with need to know you're holding their data so they can exercise their rights.
How can you help?
Make sure you understand which legal basis your
Always be transparent with people
Make sure you point them towards your privacy policy
Did we explain how we plan to use it?
You can only use data for the specific purpose for which it was given to you. So if someone gave you their CV for one role, you can't necessarily use it for another role, and it certainly doesn't mean you can use it for marketing unless they expect to hear from you in this way.
How can you help?
Don't use personal emails for marketing unless they are expecting to hear from you
Respect people's right to privacy
Is it relevant?
You can only record data that is relevant and necessary for the purposes of recruitment and executive search. So, think about whether what you are recording is really necessary for you to do your job.
How can you help?
Only record what you really need
Respect people's right to privacy (again!)
Is it up-to-date?
You have to keep any data you hold up to date. When you become aware of any changes, such as a new email address, telephone number or role, it's your responsibility to update your company records or ensure that someone else does it.
How can you help?
Update client and candidate information on the database
Don't assume someone else will do it
How long do we need to keep it?
Data should only be kept as long as necessary. Your business has created a data retention policy. This applies to all data including paper records and your email account.
How can you help?
Make sure you understand and follow the data retention policy
Don't destroy anything unless you are sure it's OK
Is it well-protected?
Data needs to be kept securely, whether it is held electronically or physically. Make sure you only store personal data in places and devices that are approved by your company.
How can you help?
Don't store data in unsecured locations or devices
Be vigilant and avoid unnecessary risks
As well as following the principles above, your business has to be able to demonstrate how it is complying with the GDPR. That's why your company may have introduced new policies and processes and it's why you are doing this training.