General Data Protection Regulation (GDPR)

Executive Outline

The EU (European Union) implemented the GDPR (General Data Protection Regulation) on May 25, 2018, as a new set of regulations on data privacy and protection. It sets out a company's main responsibilities, with the aim of ensuring that the data of private individuals is processed transparently and only for particular purposes.

This regulation has a long-lasting impact on everything from encryption and data storage to individuals' rights over how their data is managed. It aims to make international business processes involving EU natives more convenient by unifying data privacy regulations under one EU umbrella. It is mandatory for all organizations that deal with the EU in matters of data.

We at Mytat take all rules and regulations seriously. That is why we adhere to the regulations set out by the law and provide product functionality that enables our clients to adhere to them as well. The following sections give a brief overview of Mytat's strategy for adhering to the GDPR's regulations.

GDPR Compliance of Mytat

We help our clients obtain an automated evaluation of candidates through our assessment platform. Under the GDPR, we act as a Data Processor and our clients act as Data Controllers. As a Data Processor, we securely handle all the candidate information we collect, with appropriate data protection. In line with Article 32 of the GDPR, we will make sure that there is an incident response plan to handle any unexpected incident that could put the personal information of candidates at risk.

Consent of the Data Subject

As a Data Processor, we require candidates to use their login ID to access our tests, and we allow our clients to collect additional information such as location, gender, resume information, name, education, and more. All the candidate profile information that our client requests for collection comes under the purview of the GDPR.

As per Article 5 of the GDPR, the personal data of any individual can be gathered for specified, legitimate, and explicit reasons, but must not be further processed in a way that is incompatible with transparency, lawfulness, and fairness.

Also, as per Article 6 of the GDPR, the lawful basis for processing can be any of the following:

  • The processing is essential for carrying out tasks in the public interest or for the exercise of official authority vested in the controller.
  • The processing is essential for protecting the data subject's vital interests.
  • The data subject has given consent.
  • The processing is essential for compliance with a legal obligation to which the controller is subject.
  • The processing is essential for the purposes of the legal interests pursued either by a third party or by the controller.

Mytat will make sure that we obtain consent from candidates so that the whole processing is fair under the terms of the GDPR. Through messaging, we will communicate all the terms and conditions, which show that the information is processed in a transparent and fair way.

Processing and Management of Data

The following three sections describe how we process and manage the data after obtaining it:

Transfer of Data

We have a specific data processing and transfer agreement, as per the EU standard, to make sure that we meet the GDPR's norms.

Storage of Data

Our company gives clients flexibility in the duration of data storage.

Secure Data Processing

The data can be accessed only through a secured email ID and password, and we encrypt and secure candidates' data at rest. Clients can also be assured that we take their data security seriously.

Rights of Data Subject

The Data Subject Rights provided by GDPR are mentioned below:

  • Right to be Forgotten
  • Right to Access
  • Right to Object
  • Right to Rectification
  • Right to Data Portability

Our organization has established requirements for the information to be processed, collected, and stored, as mentioned in Article 5. We also provide our clients with configurable tools that give them the flexibility to decide their data policy. These are mentioned below:

  • Deleting the candidate's information, in which only the personal data is removed whereas the non-personal data is anonymized.
  • Editing and exporting the candidate's information, as well as maintaining a record of it.

Mytat keeps a detailed audit trail of each and every activity, and it can also add any activity as per the requirement of the client. The client can also retrieve all these trails.

Mitigation Process and Data Breach

Mytat has enough data monitoring mechanisms in place everywhere, so if there is any breach, we will come to know about it very soon. We will notify the client within 24 hours, as mentioned in Article 33.

GDPR commitment of Mytat

We will take all the necessary steps to ensure our clients’ defensibility and security as well as to meet the standards of GDPR.