GDPR Compliance Assurance
Statement to our Clients, business partners and employees (April 2018)
Commitment
The EU General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) will be one of the strictest pieces of privacy legislation globally, strengthening the rights EU individuals have over their data and creating a uniform data protection law across Europe. The law applies even beyond the borders of the EU. As such, it is recognised that compliance is a shared responsibility and all organisations will need to adapt business processes and data management practices.
Calibre Recruitment will comply with the GDPR mandate when it comes into force on 25 May 2018. We believe that privacy is a very important right for citizens and wish to assure our clients, and all who deal with us, that we are working hard on ensuring compliance in all areas of our business.
Within this statement we wanted to highlight the measures we have put in place to ensure compliance with the GDPR where we hold or process personal data.
Data Protection Officer
Calibre Recruitment has designated a Data Protection Officer (DPO) who is taking full responsibility for all matters relating to data protection and GDPR compliance.
Security and Business Continuity Measures
Calibre Recruitment seeks to ensure the confidentiality, integrity and availability of the personal data we store or process. We maintain appropriate technical and organisational security measures to protect personal data against accidental or unlawful destruction or loss, alteration, unauthorised disclosure or access.
In demonstration of this, we have put in place a range of policies, processes and procedures including (but not limited to):
- Data Privacy Notice
- Data Protection Policy
- Information Security Policy
- Retention, Archiving & Destruction Policy
- Data Breach Plans
- Business Continuity Plans
- Subject Access Request, alongside the Retrieval Policy
In addition, we are compliant with the following standard: ISO 9001:2015 certification for Quality Management Systems.
Data Subject Rights
Under the GDPR there are significant enhancements to the rights that individuals enjoy with regard to their personal data.
Our staff (FTE and temporary workforce) have been made aware of the forthcoming law and their rights using the Subject Access Request form (SARs), as well as their responsibility to respect and protect client and other individuals' data.
Data Breaches
Under the GDPR, we must notify any data breaches without undue delay. Calibre Recruitment therefore have processes and procedures in place for identifying, reviewing and promptly reporting data breaches.
FAQ
- We hold very little personal data relating to clients or business partners, but we do hold a large amount of employee (internal and temporary) data.
- The information collected and processed is for the sole purpose of providing temporary or permanent staff to clients (service users).
- No personal data processing is outsourced to a third party. It is all dealt with at the Calibre office.
- We never share personal information without the individual's express permission, unless required to do so by law. Neither do we sell or lease personal information to third parties.
- Currently, we are in the process of:
  - Regaining consent from Calibre employees (FTE and Temporary);
  - Reviewing Calibre employee contracts to address GDPR compliance; and
  - Reviewing all our Client Contracts / agreements (Terms of Business) to address GDPR compliance.
- All Calibre personnel have completed training in the concepts and requirements of data protection law. Subsequently, the team have embraced the ethos of data protection to adopt best practice and procedures on how they process and hold personal data.
- Our technology platform has been modified, but we are still undergoing some changes for a more robust system to meet our GDPR obligations.
What’s Next?
At Calibre, we strive to deliver an incredible service to our clients. The team at Calibre will monitor the GDPR implementation as it moves forward over the next few months, and will continue to make additional operational changes resulting from the new legislation.
We will keep our clients, employees, business partners and regulatory authorities informed throughout the process.