Please bear in mind that nothing in this article is intended to provide you with, or should be used as a substitute for, legal advice.
What is GDPR?
Coming into force on 25th May 2018, the GDPR is an attempt to strengthen, harmonise, and modernise data protection law and enhance individual rights and freedoms. The GDPR applies to any organization that uses the personal data of people located in the EU.
If your Job Board has users in the EU, either job seekers or hiring companies, then the GDPR will apply to you. You should consult with a GDPR specialist regarding the full scope of your compliance obligations.
Does Smartjobboard comply with the GDPR?
Smartjobboard welcomes the GDPR as an important step forward to enhance data protection across the EU and the globe and as an opportunity for us to strengthen our commitment to data protection. As such we have undertaken the following:
A Data Protection Officer has been appointed
We have analysed what personal data we process and confirmed our lawful basis for processing
We have created a Data Protection Agreement to give you legally binding guarantees that any data you share with us is afforded the highest level of protection (here is a link for you to get the agreement)
Our data breach response procedure has been improved
We’ve made necessary changes in the software to help our customers comply.
Why has Smartjobboard not signed up to the Privacy Shield?
Smartjobboard has incorporated standard contractual clauses into our Data Processing Agreement while also incorporating Article 28 of the GDPR, to the extent that we feel we have gone above and beyond the protection afforded by Privacy Shield for the transfer of data to any third country. It is not mandatory to sign up to Privacy Shield, but we do respect the principles of the Privacy Shield and all data protection initiatives.
What are my responsibilities as a Job Board?
You will typically act as the data controller for any personal data you collect in connection with your Job Board. The data controller determines the purposes and means of processing personal data, while the data processor processes data on behalf of the data controller. We are a data processor and process personal data on your behalf, in that we store the data of your users on our systems.
You should also seek advice from a GDPR specialist relating to your status and obligations under the GDPR, as only a qualified specialist can provide advice specifically tailored to your situation.
If you would like to be put in contact with our preferred partner regarding GDPR, please contact us here.
Where should I start to comply?
For a Job Board, the following are some tips on where to start your compliance journey:
Consider creating an inventory of personal data that you handle.
Review your current data protection controls, policies, and processes to assess whether they meet the requirements of the GDPR, and build a plan to address any gaps.
Put in place a Data Processing Agreement with your data processors. Here’s a link for you to get a copy of ours.
Monitor updated regulatory guidance as it becomes available.
Where do I get a Data Processing Agreement with Smartjobboard?
A Data Processing Agreement is a written contract between the data controller (you, the job board owner) and the data processor (Smartjobboard), and is required under GDPR.
Then you’ll need to sign it and send it back to us at sales@smartjobboard.com.
How do I collect Privacy Policy consent from my users?
One of the main GDPR requirements is to get user consent when collecting their personal data. For this, you need to collect consent to your Privacy Policy during registration.
Here is what you’ll need to do to start collecting consent to your Privacy Policy:
Review the Privacy Policy template page in your Content > Pages section and modify it to fit your particular business circumstances.
Enable the “Privacy policy opt-in on sign up” setting in Settings > System Settings > Privacy Protection.
Once this is done, your users will be required to agree to the Privacy Policy during registration.
How do I collect Cookies consent from my users?
Within the EU there should be a Cookie Banner, and you can collect explicit (I agree) or implied (By continuing to use...) consent when users come to your site.
For displaying the Cookie Banner and collecting consent from your users, we recommend using the simple https://cookie-bar.eu/ tool.
Here are instructions on how to implement it on your site:
Visit the https://cookie-bar.eu/ website and go to the “INSTALLATION & CONFIGURATION” section.
We recommend selecting the “The website uses tracking cookies” and “The website uses third party cookies” options and inserting your Privacy Policy URL into the “URL of your custom Privacy Page” field.
Copy the code snippet from the bottom of the page. Then go to your Smartjobboard admin panel, paste it into the Custom JS field in Appearance > Customize Theme, and click Save.
The Cookie banner will be displayed on your site after you finish.
How do I delete all user data in case a user asks for it?
According to GDPR rules, you as a site owner must be able to delete all user data upon user request (right to be forgotten).
In Smartjobboard, this can be done either by the user in My Account > Account Settings,
or by you as an admin in Job Board > Job Seeker Profiles.
In both cases all user data will be completely deleted from your job board.
How do I export personal data for a user in case a user asks for it?
GDPR also requires that you be able to export all of a user's personal data and provide it to the user in a digital format upon request.
In Smartjobboard you can easily do this using the standard export tool in Job Board > Job Seeker Profiles (or Employer Profiles) > Export. All users will be exported into one Excel file.
After the export is done, you’ll need to locate the particular user using the search function, copy their row from the spreadsheet, and paste it into a separate file. You may then provide this file with the user's information to the user.