Navigating Data Protection Compliance with OTYS
The introduction of the General Data Protection Regulation (GDPR) on May 25, 2018, marked a significant shift from the previous data protection laws. GDPR replaces older legislation and emphasizes the roles of 'data controllers' and 'data processors' over the previous 'responsible party' and 'processor' terminology. This new regulation brings substantial changes, primarily centered around enhancing individuals' rights and increasing recruiters’ responsibilities in safeguarding data privacy.
Both the prior legislation and GDPR are well understood by OTYS. Our clients have successfully operated within this legal framework. As an ATS, OTYS Go! needs to be fully compliant with GDPR legislation and OTYS as a company is committed to making it possible for OTYS customers to work within the GDPR mandate without complex integrations and configurations.
Understanding GDPR and its implications
In the broader context, GDPR compliance is essential, especially in industries like recruitment. GDPR defines several lawful bases for processing personal data, including:
- Consent: Obtaining clear, transparent, and voluntary consent.
- Contractual Obligations: Processing necessary for fulfilling a contract.
- Legal Obligations: Compliance with legal requirements, such as sharing data with tax authorities.
- Vital Interests: Data processing is required to protect someone's life.
- Public Task: Processing for official governmental functions.
- Legitimate Interests: When the data controller has a legitimate interest, with some exceptions.
These conditions determine the lawful grounds for processing data and influence the data retention period, which can be automated within OTYS based on your settings.
Automated compliance with OTYS
To streamline GDPR compliance within your organization, specific settings need to be configured or activated. These settings enable the automated management of data retention, including the scheduling of deletion dates and sending customizable emails with relevant information. Corresponding templates are available within the system.
Additional information on OTYS compliancy:
- Data Retention Management: Retention periods depend on the conditions that define lawful data processing. OTYS provides flexibility in configuring these periods to align with your specific needs.
- Security Measures: GDPR mandates that organizations implement suitable technical and organizational measures to protect data. OTYS ensures security through various means, including encryption, access controls, and regular audits.
- Data Transfers: OTYS stores data within the EU and maintains agreements with sub-processors to ensure data protection.
- Data Breach Reporting: In the event of a data breach, OTYS has a well-defined protocol for reporting to relevant authorities and stakeholders.
- Responsibilities: While OTYS offers tools and features to facilitate GDPR compliance, the responsibility for setting data retention periods and compliance settings rests with the organization. OTYS acts as a data processor based on these configurations. Organizations using different retention periods or GDPR/AVG settings must take responsibility accordingly.
In conclusion, while we've developed widgets, reporting capabilities, and automated solutions to simplify GDPR compliance, this guide provides a general overview. For comprehensive details and specific obligations, we recommend referring to the relevant data protection authorities or legal counsel.