The GDPR standardizes data protection law across all 28 EU countries. It creates and enforces new strict rules on controlling and processing personally identifiable information, or PII — which describes any kind of information that relates to an identifiable individual. Moreover, the GDRP extends the protection of personal data and data protection rights by giving control back to EU residents. The GDRP went into force on May 25, 2018, replacing the 1995 EU Data Protection Directive.
GDRP applies to all organizations holding and processing personal information from EU residents, regardless of location. The General Data Protection Regulation aims to harmonize data privacy laws and provide consumers with more control over their personal data, enforcing more transparency over the information collected by various organizations. It also serves to ensure that any information collected is well-cared-for and adequately protected.
We've devised a customized approach to GDRP compliance to help our clients become GDRP-ready.
Data Controller
As a staffing/recruiting agency or an employer, You act as a
Data Controller. The data controller determines the purposes for which and how any personal data are or are to be, processed. More often than not, the Controller contracts a third party, known as a data Processor, to collect and process data. The Controller provides directions as to how these activities should be carried out and what their purpose is.
The way we assist you to stay compliant with the GDPR
Display your Privacy Policy notice on your careers website. Alternatively, you can also link to it.
Always ask applicants for consent for the collection and processing of their personal data.
All emails you send include a link that allows candidates to request a data correction or full deletion of their personal data.
All candidate requests should be processed from a centralized platform/dashboard.
We store all your data on the servers located in the EU.
Establish retention periods for your Candidate Profiles. Reduce the risk of keeping unnecessary, inaccurate, or out of date information.
Data Processor
Because Glorri stores and processes data on behalf of you, the Controller, We act as a
Data Processor. Glorri carries out data operations only as per your instructions/directions to provide you with the desired end result. As such, you (the Controller) stay in control while we (the Processor) handle the technical side.
The Glorri Approach to GDRP Compliance
To raise awareness we hold informative meetings with our employees about the GDPR and regularly measure its effect to our business. We defined all the steps to properly protect the Personal Data of our customers.
We have contracted with a professional Data Protection Specialist who will be responsible for obtaining, keeping and transferring of the customer data and defined procedures to conduct a data audit within our company.
Data Protection Specialist - Tural Mehdi
We sign a Non-Disclosure Agreement with all our employees to restrict unauthorized access to customers’ data and regularly improve our internal procedures to ensure protection of our customers’ personal data in high level.
We made our Privacy policy compliant with the GDPR which displays clearly our approach to obtaining, keeping and transferring of the customer’ data. We regularly update our Privacy Policy and keep our customers’ always up-to-date on any changes that we made.
We store our customers’ data on the servers located in the EU on the following address:
Contabo GmbH
Aschauer Straße 32a
81549 Munich