On 25th May 2018, the European General Data Protection Regulation will come into force. We’d like to take this opportunity to explain the regulation and exactly what we’re doing to ensure compliance. Our policy in this area is very strict. Given that we operate the Career Center by JobTeaser in several European countries, we’ve designed it carefully so that it already complies with European law.
The JobTeaser platform is a meeting place for recruiters, students and recent graduates, as well as schools and universities, where a great deal of information is shared between lots of different people. In this video, we explain exactly how and why we’re adapting to this new regulation. You’ll find a transcript of the video just below.
How and why we use data
We collect data to keep the platform running smoothly, but also to improve how we’re able to create relatable content and send relevant notifications to students.
We classify this data into two separate categories:
- Firstly, content: this includes job offers and careers events, and it comes from JobTeaser’s customers and partners, as well as former students.
- Secondly, we manage data provided by students: their first names and surnames, study programmes, CVs, that type of thing.
There is a fundamental difference between these two kinds of data. Information on students is of what we call a ‘personal nature’, meaning we can only use it within a strict legal framework. It is vital for us to be able to ensure that whenever you use JobTeaser, we’ll manage your data in accordance with the law in its current and any future forms. This data security requirement is shared by the hundreds of schools and universities we work with. We take it very seriously.
Understanding the GDPR
On 25th May, the law is changing. French regulations will align with those of the General Data Protection Regulation, or GDPR, which is European legislation designed to strengthen and standardise personal data protection within the European Union.
In France, the GDPR is hardly revolutionary: the Loi Informatique et Libertés, as well as the regulations provided by the CNIL, already provide extensive coverage. However, three significant changes are coming, which means:
- personal data can only be collected and processed in accordance with reinforced guidelines (i.e. data protection will need to be considered from the outset, any data processing will have to be traceable, service providers will be strictly monitored, );
- the law will require companies to be more transparent, meaning people will have to be made fully aware of how their data is processed (who is processing their data? why? who is the data being sent to? for how long will it be stored? );
- penalties for non-compliance will be significantly higher.
The GDPR is based on five key guidelines for managing the personal data of students and graduates, meaning we’ll have to:
1. ensure it has a clear purpose, in other words, a clear objective with specific recipients;
2. only collect relevant data, so just the information we genuinely need;
3. limit the amount of time we store data and tell people about this;
4. respect the rights of the individuals involved when collecting any data;
5. keep data safe.
JobTeaser is committed to providing you with a turnkey Career Center solution. To make things easier for you, we will protect and handle the processing of personal data on your Career Center for you. That means you’ll have no extra work to do in ensuring your Career Center conforms to the GDPR. In this document, we’ll outline the GDPR’s five key guidelines and explain how JobTeaser is responding to each of them.
How JobTeaser will protect your data and that of your students
1) Ensuring it has a clear purpose
In practice, this means that our general terms and conditions of service and our confidentiality policy explicitly state how data will be used on JobTeaser. We use data to help students get into the world of work, which is JobTeaser’s number one goal. We also make it clear that the information students provide on JobTeaser can be shared with their schools and universities, as well as recruiters, and we systematically ask for their consent to do this as they navigate through the platform.
You have access to some information within JobTeaser’s back office. This helps you support students as they prepare for entering the world of work. That’s why we’ve developed the statistics module, CSV exports for job offers and careers events, as well as information on the registered users module, for example.
2) Only collecting relevant data
In practice, this means we won’t ask for information we don’t need. As the goal of the Career Center is to help students get into the world of work, we need to collect some important information: year of graduation and degree programme. However, we’ll never ask users for their home address or telephone number, for example. We do suggest students provide additional information that could be useful to a recruiter, such as a link to their LinkedIn profile or their CV, but this is not compulsory.
3) Limiting the amount of stored data
We apply this limit to both time, for example, by deleting inactive profiles, and place: JobTeaser stores all its data within the European Union, where the regulations apply.
To further strengthen the security of our infrastructure, we will shortly migrate our servers to the Amazon Web Services European Region. We have also ensured, as part of our global approach, that only data centres physically located inside the European Union will be used.
4) Respecting everyone’s rights
We have to obtain students’ consent to use their data. But we should remember at this point that any student information or content on the platform does not belong to us. Content always belongs to the students themselves, or the person who posted it, and we only allow content to be distributed with their express permission. For example, students must agree to our terms and conditions of service when they sign up, and if they upload their CV to the platform, we tell them who might be able to read it.
That’s also the reason we don’t send marketing emails to users directly, beyond their email alerts for job offers and careers events. We send you marketing material so that you can communicate with your students and young graduates yourself. Any communications with students and recent graduates who are registered on the platform will only be sent via the platform itself and sending students’ personal information to companies is only permitted in explicit cases (for example, to apply for an advertised job or careers event).
5) Keeping data safe
Last but not least, the final guideline is that of data security. At JobTeaser, our efforts take many forms. We’ve created different types of accounts for school and university administrators so that we can ensure only those who need the information have access to it. This initiative limits the potential risk of an administrator’s password being stolen, for example.
But our efforts aren’t just limited to our own platform. In May 2018, we’ll migrate to the European Region of Amazon Web Services to provide even more data protection.
More generally, our contracts with subcontractors have been reviewed to ensure they comply with the GDPR. In order to adapt our portal to local legal requirements in Germany as well, we work together especially in Germany with an external data protection officer provided by TÜV Süd, who takes care of all issues relating to data protection and data security at our company.
Finally, we’re ensuring that good practices are understood and applied across the board at JobTeaser: we’ve implemented an Information Systems Security Policy for our employees, introduced strict confidentiality clauses, and we also limit access to our production servers for employees.
Any questions on what we’re doing? Want to find out more? Speak to your contact at JobTeaser or write to us at the following address: firstname.lastname@example.org.
Next blog posts
Here are our best tips to set up a career services department when starting from scratch and up to an advanced level.
Relive all the best bits of the Career Services Day 2018 and download presentations from the event.