As part of our commitment to providing a safe and secure service for the management of your private candidate data, we have developed Gem to operate within the requirements of the General Data Protection Regulation (GDPR). GDPR is a European privacy law that went into effect on May 25th, 2018. It is based upon the European understanding that privacy is a fundamental human right. Established by the EU Parliament, the GDPR regulates how individuals and organizations can obtain, use, store, and remove personal data. It gives EU citizens and residents control over their personal data, and simplifies the regulatory environment for international business that takes place in the EU.
Here is an overview of how Gem has prepared to meet the new regulation requirements:
- We offer a data processing addendum (DPA) for our customers who collect data associated with individuals in the EU. Our DPA offers contractual terms that meet GDPR requirements and that reflect our data privacy and security commitments to our customers.
- We reviewed and identified all the areas of Gem where we collect and process customer data. We validated our legal basis for collecting and processing personal data, and we ensured that we apply the appropriate security and privacy safeguards across our infrastructure and software ecosystem. Our Privacy Policy identifies what we do with the data we collect and how we manage consent.
- We are committed to helping our customers meet the data subject rights requirements of GDPR. Gem processes or stores all personal data with fully vetted vendors with whom we have a DPA in place. We store personal data until your account is deleted, after which we dispose of all data in accordance with our Terms of Service and Privacy Policy.
- One of the GDPR requirements is a managed data protection impact assessment (DPIA) process. A DPIA process is a way to help us identify and minimize the data protection risks of a project. The Gem engineering team has always undergone security and privacy due diligence when choosing tools and making implementation decisions, so this requirement is easy for us. Any time we introduce a change to the way we handle personal data, we discuss the potential impact on Gem customers and explore possible privacy and security risks to personal data. If any risk is identified, no matter how small, our product and engineering teams collaborate on a solution to mitigate the data privacy and security risk to anyone who interacts with the Gem platform. We will continue to execute this risk assessment process as we expand Gem’s offerings.
You can also visit https://www.gem.com/compliance/security for additional information on Gem’s compliance with GDPR.