The EU General Data Protection Regulation (GDPR) will replace the 1995 EU Data Protection Directive (European Directive 95/46/EC), with effect from 25th May 2018. The new regulation will strengthen and unify data protection for all individuals within the European Union and be enforced by the Information Commissioner's Office (ICO).
Will GDPR affect how I use WorkTools’ services?
The new regulations will not affect your ability to register your details with us, nor access our database, in line with our terms and conditions, which are kept up to date in line with all data protection regulations.
Remember, GDPR is not being introduced to stop candidates from finding work.
Handling candidate data and contacting candidates
When candidates register with WorkTool Ltd, they are doing so in order to be contacted by recruiters and prospective employers about job opportunities. Therefore, as a business we can continue processing the data supplied by candidates who register with Work Tool Ltd, as it is in their, and our, legitimate interest to do so.
Furthermore we will continue to give our registered candidates control over their contact preference options, including the option to delete their account. When a candidate deletes their account via the website, we immediately remove their details and CV from the CV Database. All personally identifiable information (PII) is completely removed from our systems within 30 days. We will also provide a way for our clients to know of any candidates who have deleted their CV from our database, via the client login area. You are responsible for updating your own records in order to remain compliant.
How will Work Tool manage the right to erasure?
We will provide a way for you to keep up to date on any candidates that exercise their right to erasure from our database. You are then responsible for updating your own records in order to remain compliant. See 'Handling candidate data and contacting candidates' for more information.
How long does Work Tool keep data for?
Candidate data is held for as long as individuals keep their accounts, and is deleted upon request.
Searching the CV Database
After GDPR comes into force, nothing will change in the way clients can search our CV Database. We will continue to give candidates control over the sharing of their personal data, and give them the option to hide their CV so it cannot be searched for, or found, as part of the CV Database service.
Will you be making changes to any data protection agreements, including service agreements, due to GDPR?
Our Terms and Conditions will be updated to clarify the relationship between Work Tool and its clients, and the new terms will be available on www.Work Tool.co.uk.
You are responsible for protecting the data you control and process under the new GDPR principles and we recommend that you familiarise yourself with the core principles to ensure you're compliant.
In what geographic region is our data stored?
All of Work Tool's servers are in the UK. When we use cloud providers for a specific purpose, these servers are in the EU.
How does Work Tool keep its data secure?
We use industry best practice security including data encryption at rest, data transport using secure certificates, access controls and two factor authentication to protect against the unauthorised access of the data we hold.
What is the incident management process in the case of a data breach?
We have a full incident management process to investigate suspected or reported data breaches, which takes into account the requirements of GDPR, including the notification of the data subject and the Information Commissioner's Office (ICO).