GDPR – what is it?
It is likely that you will be aware of GDPR (the General Data Protection Regulation), the European regulation that will replace the Data Protection Act from May 2018.
At its heart is the need for organisations to be more transparent about how they use personal data in their business. This applies to all companies who hold information on European citizens – that includes your favourite social media sites, your bank, those companies you get nuisance calls from at home, and any other website you have signed up to or organisation you have shared your details with (whether knowingly or not) – as well as firms like us. As an individual, you have a right to know what information is being collected about you, how it will it be used and who it will be shared with. You can read more about GDPR on the Information Commissioner’s Office website.
What we are doing about GDPR
We believe that GDPR is good for the recruitment industry and that it will stop many bad practices that give the sector a bad name.
The privacy of our candidates and clients, and the security of the data we hold, has always been a top priority for this firm. For example, our internal systems ensure that your personal data is encrypted and stored safely in EU based data centres (see below for further information) and that no data is stored on devices (office or portable computers, tablets or phones). We have never shared your data with any third party other than for the purposes of conducting our business with you (e.g. if you are shortlisted for a job vacancy, or with your employer if we are coaching you) and, only then, with your agreement.
We have conducted an extensive Data Protection Impact Assessment and we are updating our Privacy Policy shortly, when final confirmation of some of the requirement is released by the Information Commissioner.
Your personal data is solely used for the business purposes of recruitment or management consulting (assessment, development, coaching etc) as necessary. If for recruitment, the data is used to assess your fit to vacancies. We will process your information to do this, and to contact you about opportunities and about our specific services. For other consulting activities we will use your data in the execution of the project only.
We believe that GDPR is good for the recruitment industry and that it will stop many bad practices that give the sector a bad name.
What we need from you
One of our requirements is that we need your consent to keep your data. We also need to ensure that the data we hold is up to date. It may be a while since we were last in touch and you may have updated your CV, changed your job, phone number, email address or location. To help us keep our information current we have an online form where you can update the key information we hold on you. this form will update our database. Even if you are not looking for a new role at the moment, this may change in the future and so it is important that you complete the information. You can access the update form by clicking here.
Security of your data
As a business, we subscribe to Microsoft Office 365 which offers industry-leading security measures and privacy policies to safeguard data. Our website is secured with SSL, the standard security technology for establishing an encrypted link between a web server and a browser. This ensures that all data passed between the web server and browsers remain private. Our database and CRM, which stores candidate and client information is encrypted using TLS 1.2 protocols, with certificates issued by SHA 256 based CA ensuring a secure connection from our browsers to the database service. It uses AES_CBC/AES_GCM 256 bit/128 bit keys for encryption, SHA2 for message authentication and ECDHE_RSA as the key exchange mechanism.
The database network is gated and screened by certified Intrusion Detection / Intrusion Prevention Systems. All accesses of data are controlled and audited.
Access to all bfpeople data sources is controlled using multi-factor authentication and controls are in place to restrict the ability to download or alter data.