GDPR is the term used to describe a series of major updates to the EU data protection law that came into effect on May 25th, 2018.
This is directly applicable to businesses in the UK, even with Brexit on the table.
GDPR provides citizens of the EU with greater control over their personal data and offers assurances that their information is secure, regardless of whether the data processing takes place in the EU or not.
Over a year ago, Contract Job Search began the important task of preparing for the General Data Protection Regulation (GDPR) – a law designed to protect the personal data and privacy of EU residents.
While working on this implementation we have seen that the main principles behind the law are genuinely good for our users. The regulation aims to make personal data processing more transparent and to give people more control over their data.
Whether GDPR only applies to EU citizens, we have to adopt the same good policies for all of our users. The new rules are effective 25th of May 2018.
The following two documents apply these rules to our service:
● Our Data Processing Agreement (DPA), which regulates our responsibilities as a job board and web site, thus allowing our clients to be confident their data is held and processed compliant with GDPR.
Processing of your personal data
1. You Provide Minimum Data And Are In Control Of It
The first thing you need to know is that we collect the minimum data needed to provide our stellar service. When you sign up with Contract Job Search, you provide your contact and billing information. We need these to process your orders, keep you updated about scheduled maintenance, and send information related to the services you use. You can edit this data, download it and request profile deletion through your customer area.
Please be aware however that should you request profile deletion whilst you have advertisements that are live, these advertisements will need to be removed from the web site too. No refunds will be given, but this does not impact you rights to request removal of your personal data.
2. We Share Your Data With Secure Partners Only
To provide all services around your contract job advertisements we share some of your data with external providers like SSL providers, and payment merchant provider compliant with PCI requirements. All such partners are GDPR-compliant themselves.
3. You Control Your Email Subscription Preferences
If you’ve given us your express consent, we also use your email address to update you on your contract job advertisements performance, special offers, and to announce new products. This consent can be withdrawn or modified at any time through your user area or by emailing is with your request through ‘contact us’ on our web site.
4. We Keep Only Aggregated Browsing Data
Processing of the data uploaded on your account
As a provider of a job board we have responsibilities in handling your data as a data processor. This means that when our customers use our services to store any personal data on the servers of Contract Job Search, we are required by the GDPR to meet some criteria for handling this data. You can see below some of the major points explained:
1. Transparent Security Measures
One of our main responsibilities is to provide adequate security measures. We review our policies and processes on a quarterly basis, along with implementing software services for the protection of our web site.
2. Minimum Access Principle
We only access data that our customers store on our servers only to the extent needed to provide our services and to make sure only employees and contractors that are directly involved with the provision of the service have access to it.
3. We Provide Access To Secure Partners Only
Sometimes our partnering companies need access to the data uploaded on our servers so that we can provide our service. Our security and webmaster partner is an example of such a partnering company. We have a long-standing relationship with our security and webmaster partner and ensure both parties have sufficient security, understand and are compliant with GDPR. Furthermore, we provide access only to partners that have the same or higher level of data protection as the one we guarantee you through our data protection policy.
4. Any Personal Data Breach Is Timely Disclosed
Our data protection policy responsibility includes timely disclosure by Contract Job Search, if a personal data breach is detected by us to have happened on the servers used by our clients. We are obliged to notify our affected customers within 72 hours.
5. Our Data Protection Policy Helps Us Monitor And Manage GDPR-Compliance.
Our new data protection policy does not make our site GDPR compliant on its own. We continue to monitor the many ways that we collect personal data through offering existing and new products and services that result in collection of personal data. At Contract Job Search we are proud to have this covered for everyone from day one of GDPR launch and monitor any amendments that may follow.