tomHRM Platform GDPR Compliance
GDPR, the new EU regulation on the protection of personal data, entered into force on 25 May 2018. All EU member states must comply with the new regulations.
GDPR, or the General Data Protection Regulation, applies to all companies that store and process personal data.
If you use an ATS system for recruitment, it has to comply with GDPR requirements, as well as it should allow you to manage personal data not only in a compliant, but also a convenient, fast and easy way.
How tomHRM allows you to comply with GDPR requirements
|GDPR requirements||tomHRM Feature|
|Candidate’s consent to the processing of personal data||We provide a tool that allows for collecting candidates’ consent for the purpose of the current or future recruitment process in a structured manner. Consents can be registered or withdrawn in tomHRM.|
You can also browse candidates based on the type of consent, as well as ensure the correct way of candidate record processing according to the registered consent.We comply with the right to withdraw consent.
We comply with the right to be informed.
|Personal data processing period||You can configure the desired period of candidates’ personal data processing to not forget deleting it.|
You can also enable the automatic deletion of candidate’s data after a certain number of days which will allow you to automate your work.
We comply with the right to be forgotten.
|Deleting data and limited processing||In tomHRM, you can effortlessly delete the candidate’s personal data and easily notify the candidate about it.|
You can also limit the processing of the candidate’s personal data by moving to a talent pool.
We comply with the obligation to delete data or limit its processing.
|Data migration||You can use the option of exporting the candidate’s personal data to a CSV file.|
We comply with the right to data portability.
|Data storage||Data is stored in the European Union.|
|Appropriate security measures||We have implemented technical and organizational security measures.|
The difference between a personal data processor and an administrator
Personal data processor: tomHRM
Personal data administrator: You
tomHRM is a processor of personal data, meaning that:
- processes personal data on the basis of a written agreement with the Administrator (You), which includes information regarding the scope and purpose of personal data processing,
- cannot use this data for other purposes than the ones agreed with the Administrator (You),
- never provides this data to other entities,
- helps the Administrator (You) comply with the obligation of responding to requests of persons whose personal data are processed.
If you need more information on GDPR compliance, contact us using the contact form.