DeepHire GDPR Compliance
GDPR Compliant Video Interview Platform - DeepHire is a video interview platform that strives to ensure that recruitment organizations are fully GDPR compliant.
We provide a transparent platform where recruiters have access to tools and processes that will ensure compliance. Our platform records candidate consent, helps keep data accurate, records requests to delete data and allows you to keep records securely. It also ensures that data is only used for the purpose it was collected for by recording all engagement and communication during the recruitment process and limiting access to sensitive data.
We adhere to The 7 Data Management Principles of GDPR
- Fair, Transparent & Lawful Processing. Ensuring that we acquire personal data in a fair and transparent way and have a legal basis to do this.
- Purpose Limitation. We only use personal data for the specific purpose that it was collected.
- Data Minimisation. We only collect personal data from candidates that is required for the recruitment process. No additional data is collected or stored.
- Data Accuracy & Quality. We proactively ensure that personal candidate data is accurate and up-to-date and supply tools for our clients to maintain accurate records.
- Retention/Storage Limitation. We ensure that we do not keep personal data for too long.
- Security & Confidentiality. We have robust online and physical security managed by Amazon Web Services (AWS). AWS offers state of the art security and has certification for compliance with ISO/IEC 27001:2013, 27017:2015, 27018:2014, and ISO/IEC 9001:2015.
- Accountability & Liability. AWS offers a GDPR-compliant Data Processing Addendum (GDPR DPA), enabling DeepHire to comply with GDPR contractual obligations. The AWS GDPR DPA is incorporated into the AWS Service Terms, and the DPA applies automatically to all customers globally who require it to comply with GDPR.
Candidate access to data:
- Candidates are given the tools to request deletion of their data from our system.
Candidate Consent (GDPR compliant consent) How a recruiter gains consent when performing a video interview is extremely important. For consent to be GDPR compliant, DeepHire offer a clear explanation of the intended processing of their personal data (the Fair Processing Notice). If the intention to film and record the individual is raised once the recording has started, the permission is likely to be deemed inadequate and non-compliant. The approval must be requested before filming when there is no pressure for the candidate to agree, and where the candidate still has the option to decline. To adhere to GDPR compliance DeepHire makes it impossible to commence the recording until the candidate has read and agreed to the terms and conditions. Once approved, the webcam connects, but the recording won't begin until the candidate has been briefed and appropriately informed.
Storage (GDPR compliant storage of a video interview) There are a specific set of storage requirements that a video interview software company must follow. The recording can’t be randomly thrown in an online folder, it must be placed in a designated, safe and access-controlled environment. DeepHire data structure and AWS security ensures we meet these criteria.
Data Deletion When choosing a video interview software, it’s important to check the company have the appropriate functions that allow you to delete your recordings when necessary. DeepHire provide these tools both to recruiters and candidates. Under the storage limitation principle of GDPR (Principle 5), the organisation must not retain any data if you no longer require it for the purposes defined and agreed upon. Our video interview platform provides the tools required to delete recordings, and we are proactive about keeping data up to date.