<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=555865791448670&amp;ev=PageView&amp;noscript=1">

Hire job fit candidates. Faster.

All Posts

Inteview Mocha-GDPR Readiness

 

General Data Protection Regulation (GDPR) is all set to come into effect on 25th May 2018. GDPR will certainly be a positive move, shedding light on consumer privacy and data security, creating more value for customers. GDPR aims to fortify and unify data protection within the European Union.

GDPR has outlined specific laws and regulations that organizations dealing with citizens/ consumers (data subjects) of EU (European Union) should abide by. The GDPR is all about the rights of the data subjects vis-a-vis their data as well as roles and responsibilities of organizations collecting/ using this data.

Being a pre-employment skill assessment software, the most relevant forms of data for Interview Mocha include personally identifiable information or (PII), which can include people’s name, email addresses, telephone numbers, and any other information that reveals someone’s identity.

Our team at Interview Mocha has worked diligently to ensure that we are compliant with the regulations stipulated by GDPR and have refined our product which in turn empowers our customers to be GDPR compliant as well.

Interview Mocha’s approach to GDPR compliance

For efficient evaluation of candidates, organizations are required to collect identifiable data, essential to building candidate profile. Our customers use Interview Mocha’s assessment platform to assess skills of candidates. Since we process the candidate data on behalf of our customers, we become Data Processors while our customers are Data Controllers. While processing the data for our clients we have ensured that we have complied with GDPR in the below ways:

Rights of Data Subjects

Article 5 of GDPR stipulates personal data can be “collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (‘lawfulness, fairness and transparency’)”.  In addition to the above, Article 6 of GDPR states the lawful reasons to process data are as below:

  • The data subject has given consent to the processing of his or her personal data for one or more specific purposes;
  • Processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract;
  • Processing is necessary for compliance with a legal obligation to which the controller is subject;
  • Processing is necessary in order to protect the vital interests of the data subject or of another natural person;
  • Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

In accordance with this, Interview Mocha has updated its terms & conditions with messages that clearly mentions how we process information in a fair, transparent, and legal manner with the explicit consent of the data subject.

Interview Mocha has the mechanism in place to honor a data subject’s right to revoke their consent, the right to be forgotten, and rectify the data.

While GDPR states that the data subject can revoke their consent at any time, it also permits this request to be declined by the data controller if the processing of this request is required for legitimate purposes.

Data Management and Processing

Secure Data Processing by design and default:

In compliance with Article 25 of GDPR, we ensure that the highest possible safeguards for Data security have been put in place. All candidate data is secured and encrypted at rest. In addition to this, our assessment platform is designed to process and store information using appropriate security measures.

Data Storage

As per GDPR guidelines, PII data should not be stored indefinitely. Interview Mocha has provided its customers (data controllers) the right to define the length of time their candidates’ personal data is to be stored and when it will be deleted.

Data Transfer

Article 46 of GDPR states that if the customer (data controller) and Interview Mocha (data processor) have entered into a contract, and if the data processor has appropriate security measures in place, the data can be transferred outside EU borders.  Interview Mocha has a standard EU- specific data transfer and processing agreement to ensure compliance with GDPR.

Record Maintenance

Article 30 of GDPR stipulates that each data controller’s representative needs to maintain a record of all activities concerning the personal information of a data subject. Interview Mocha on its part maintains a detailed Audit log which enables its customers to maintain the data record.

Data Breach Notification Process

In accordance with Article 33 of GDPR, any data breach has to be reported to the supervisory authority within 72 hours of the occurrence. Interview Mocha has adequate data monitoring measures to be intimated of any such breach. On discovery of such a breach, Interview Mocha will notify its customers (data controller) within 24 hours. The communication will be sent as per the guideline mentioned in Article 33. This ensures sufficient time for our customers to inform about the breach to the respective authorities.

Data Protection Officer

In keeping up the regulation, we have appointed a Data Protection Officer (DPO) to ensure the protection of data, internal monitoring, and compliance with GDPR. For any GDPR related queries, you can contact our DPO, Neha Kulkarni on support@interviewmocha.com

The way ahead

Interview Mocha is fully GDPR compliant with the requisite changes made in our software to ensure our customers are GDPR compliant as well.

If you have any questions related to our GDPR compliance, please drop us an email on support@interviewmocha.com

Happy Recruiting!
Neha Kulkarni
Neha Kulkarni
Technical writer at Interview Mocha

Topics: Product

Related Posts

Advice for HR Pros: Managing in a crisis and paving ahead – Shreerang Tarte, Fellow of World HR Board shares insights

The COVID-pandemic has forced businesses to rethink their strategies to adapt to the new norm. We spoke to a fellow of World HR Board, Shreerang Tarte, to get a deeper sense of how organizations are getting impacted. He shared tips on the best way forward and laid out steps that can be taken to ensure your people function is engaged, well-supported, and productive. Shreerang has proven experience in designing Talent Acquisition strategies, establishing industry-university connect programs, designing organization structure, compensation, and employee engagement strategies. An active speaker at various HR forums, Shreerang has also served as the President of South Asian HR Summit. 

A future-proof hiring and assessing strategy for Data Scientists in 2020

Just a decade earlier, storing and maintaining data was a nightmare: there weren’t enough processes, inadequate infrastructure, and the lack of technological know-how to create that data into valuable information. However, with rapid technological advancements, we now live in a data rich environment. Around 2.5 quintillion bytes of data is generated and processed every day. Even the AI/ML algorithms have matured slowly to process this data. Therefore, it only seems fitting that data science is a job that has observed a high demand in the market lately. 

Exploring the future of recruiting in the post-COVID world: A conversation with Shreerang Tarte, HR Specialist at JSM Consulting

The ongoing COVID pandemic has resulted in varying impacts for businesses. Among the numerous facets of operations that have been affected, recruitment and hiring is a function greatly impacted. With firms having to reassess their hiring and onboarding, we connected with Shreerang Tarte, HR Specialist at JSM Consulting, to understand how firms are affected, coping mechanisms, and the best way forward.