Q: I am completing a compliance report. What steps can I say eBoss has put in place to ensure compliance with GDPR?
A: We have ensured that each of the following steps will either be in place before May 25th, or is already a standard part of eBoss company policy:
1. All data subject data is stored on servers located within the EU only;
2. All data subject data is encrypted;
3. All data subject data is pseudonymised;
4. All data subject data is backed up and easily recovered or restored to prevent permanent loss;
5. No data subject data is ever transferred to a location which is not protected by the GDPR or regulation that has been recognised as equivalent to the GDPR;
6. We have updated the terms of service and privacy policies for web users, customers, and clients;
7. We have informed web users, customers, and clients of their new rights and obligations under the GDPR;
8. We have established new service agreements for data controllers which limit the services provided by eBoss and our subprocessors to those that remain within GDPR best practices at all times;
9. We have selected subprocessors only if they are able to demonstrate GDPR compliance prior to May 25th;
10. We have undertaken orientation and staff training on best practices under the GDPR;
11. We have undertaken preliminary risk assessments on the processing of data subjects’ personal data;
12. We have mapped a thorough and ongoing risk assessment process which will continue to update our understanding of the GDPR and create a knowledge base of risks and threats to the personal data that we process.
References:
Article 28, GDPR
Article 32, GDPR
Additional Information:
This is the question we field most often. We have tried to offer as complete an answer as possible. That said, every recruitment enterprise is different. If you do not find the specific information you are looking for below, do not hesitate to send us your own question.