Build Winning Teams with iMocha

GDPR is Finally Here and We are Ready!

Read More

Company News, Diversity & Inclusion, iMocha Engineering Product Updates Remote Hiring Skills Assessment

All Posts
25 May, 2018

Inteview Mocha-GDPR Readiness

 

General Data Protection Regulation (GDPR) is all set to come into effect on 25th May 2018. GDPR will certainly be a positive move, shedding light on consumer privacy and data security, creating more value for customers. GDPR aims to fortify and unify data protection within the European Union.

GDPR has outlined specific laws and regulations that organizations dealing with citizens/ consumers (data subjects) of EU (European Union) should abide by. The GDPR is all about the rights of the data subjects vis-a-vis their data as well as roles and responsibilities of organizations collecting/ using this data.

Being a pre-employment skill assessment software, the most relevant forms of data for iMocha include personally identifiable information or (PII), which can include people’s name, email addresses, telephone numbers, and any other information that reveals someone’s identity.

Our team at iMocha has worked diligently to ensure that we are compliant with the regulations stipulated by GDPR and have refined our product which in turn empowers our customers to be GDPR compliant as well.

iMocha’s approach to GDPR compliance

For efficient evaluation of candidates, organizations are required to collect identifiable data, essential to building candidate profile. Our customers use iMocha’s assessment platform to assess skills of candidates. Since we process the candidate data on behalf of our customers, we become Data Processors while our customers are Data Controllers. While processing the data for our clients we have ensured that we have complied with GDPR in the below ways:

Rights of Data Subjects

Article 5 of GDPR stipulates personal data can be “collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (‘lawfulness, fairness and transparency’)”.  In addition to the above, Article 6 of GDPR states the lawful reasons to process data are as below:

  • The data subject has given consent to the processing of his or her personal data for one or more specific purposes;
  • Processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract;
  • Processing is necessary for compliance with a legal obligation to which the controller is subject;
  • Processing is necessary in order to protect the vital interests of the data subject or of another natural person;
  • Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

In accordance with this, iMocha has updated its terms & conditions with messages that clearly mentions how we process information in a fair, transparent, and legal manner with the explicit consent of the data subject.

iMocha has the mechanism in place to honor a data subject’s right to revoke their consent, the right to be forgotten, and rectify the data.

While GDPR states that the data subject can revoke their consent at any time, it also permits this request to be declined by the data controller if the processing of this request is required for legitimate purposes.

Data Management and Processing

Secure Data Processing by design and default:

In compliance with Article 25 of GDPR, we ensure that the highest possible safeguards for Data security have been put in place. All candidate data is secured and encrypted at rest. In addition to this, our assessment platform is designed to process and store information using appropriate security measures.

Data Storage

As per GDPR guidelines, PII data should not be stored indefinitely. iMocha has provided its customers (data controllers) the right to define the length of time their candidates’ personal data is to be stored and when it will be deleted.

Data Transfer

Article 46 of GDPR states that if the customer (data controller) and iMocha (data processor) have entered into a contract, and if the data processor has appropriate security measures in place, the data can be transferred outside EU borders.  iMocha has a standard EU- specific data transfer and processing agreement to ensure compliance with GDPR.

Record Maintenance

Article 30 of GDPR stipulates that each data controller’s representative needs to maintain a record of all activities concerning the personal information of a data subject. iMocha on its part maintains a detailed Audit log which enables its customers to maintain the data record.

Data Breach Notification Process

In accordance with Article 33 of GDPR, any data breach has to be reported to the supervisory authority within 72 hours of the occurrence. iMocha has adequate data monitoring measures to be intimated of any such breach. On discovery of such a breach, iMocha will notify its customers (data controller) within 24 hours. The communication will be sent as per the guideline mentioned in Article 33. This ensures sufficient time for our customers to inform about the breach to the respective authorities.

Data Protection Officer

In keeping up the regulation, we have appointed a Data Protection Officer (DPO) to ensure the protection of data, internal monitoring, and compliance with GDPR. For any GDPR related queries, you can contact our DPO, Neha Kulkarni on support@imocha.io

The way ahead

iMocha is fully GDPR compliant with the requisite changes made in our software to ensure our customers are GDPR compliant as well.

If you have any questions related to our GDPR compliance, please drop us an email on support@imocha.io

Happy Recruiting!
Neha Kulkarni
Neha Kulkarni
Neha is a Product Marketer at iMocha with a strategic focus on go-to-market strategies. Neha loves introducing new technologies and products to customers and helps organizations optimize their recruitment plans.
Find me on:

Topics: Company News

Related Posts

Top 06 Skills Inventory Software to Consider in 2024

Today, businesses across industries face difficulties in keeping track of their workforce’s skills and capabilities, leading to missed opportunities, wasted resources, and mismatched project assignments.

Top 5 Skills Audit Tools to Consider in 2024

In a dynamic global skills landscape where job descriptions are ever-evolving, many organizations think their talent pool is scarce on skills. It’s because they lack visibility into their workforce’s knowledge, skills, and abilities.

Top 10 Internal Mobility Platforms to Consider in 2024

Employees today want more opportunities to learn and grow within their companies. So, filling a position internally must be easy, right? But how does an employee know about available opportunities, and how does a company sift for a resource internally before making costly external hiring choices.