As of today, the European Union’s General Data Protection Regulation (GDPR) takes effect. I, along with our privacy team, have been working diligently to ensure that Entelo meets and exceeds these requirements.
GDPR’s fundamental value and message to all of us is that natural persons should have control of their personal data. We at Entelo could not agree more. We treat the personal data we control and process with the utmost care and that commitment only gets stronger with our GDPR compliance.
To clarify any questions you may have about Entelo’s compliance with GDPR, I highly recommend checking out this webinar, How Entelo is Preparing for GDPR. Here is a quick breakdown on the work that goes on behind the scenes to ensure our customers and our candidates are protected:
Entelo is both a controller and a processor of data under GDPR, but what does this really mean?
When it comes to our customers’ data, we are a processor. Our customers give us information about their recruiting teams and we are only authorized to use it as that team permises us to do so. If that team decides to no longer be a customer of ours, we lose the permission to use their information.
When we collect candidate information, however, we act in the role of a controller. A controller under GDPR is an entity that has decision making power for how that data will be used and we take this responsibility very seriously. Internally, my team and I spend a significant portion of our time thinking about the data we license and acquire.
Entelo runs on Amazon Web Services which is a physically secure, employs modern software security techniques, requires multi-factor authentication for access and meets global security standards.
To be a controller that is GDPR compliant, we must have a legal basis for collecting EU data. Processing is lawful if one or more of the following apply:
- Performance of contract
- Compliance with a legal obligation
- Vital interests
- Public interest
- Legitimate interest where the individual’s rights are not overridden
Entelo relies on the legal basis of legitimate interest. Not only do we provide a service to recruiters in helping them find hard to find, qualified candidates, but we believe that we help individuals to be reached for job opportunities. Our interest doesn't hurt these candidates, in fact it's quite the opposite. This service goes in hand with fundamental rights to the freedom to work.
However, there are certain pieces of data, like race, political affiliation and religion, that fall into a special category that require explicit consent outside of Entelo’s basis of legitimate interest. This brings up questions around a special functionality within Entelo, Entelo Diversity, which was built to help companies make progress on diversity and inclusion initiatives. This function was built for high integrity reasons, however, because the data that feed this function would not be GDPR compliant we will disable the diversity function for any job searches that happen for EU job candidates.
Privacy and security is one of the most important things to me and our team at Entelo. It is integral to the service we provide as well as maintaining the high integrity standards of our teams. As recruiting technology evolves and scales, I expect legal standards and compliance will transform and update as well.