Don’t worry, this isn’t another overly-detailed dive into the depths of GDPR...
But, we take video interviewing seriously, therefore, we take GDPR seriously!
Video interviews are taking over the recruitment industry, and in 2019, this trend is set to skyrocket. As an increased number of agencies adopt video into their strategy, it's a function that will soon become the norm.
So, what does this have to do with GDPR compliance?
As a recruitment agency, if you use a third-party video interview software solution that isn’t GDPR compliant, your agency can run into serious trouble. If the company you choose fails to meet its compliance obligations, your agency, as the Data Controller in terms of DP legislation, might be held responsible and ultimately suffer the consequences.
As a third-party supplier to the recruitment industry, we understand the importance of compliance, that’s why we underwent the GDPR boot camp!
Here are our top 3 things to look out for when choosing a video interview software solution:
1. Candidate Consent (GDPR compliant consent)
How the recruiter gains consent when performing a video interview is extremely important. For consent to be GDPR compliant, the candidate must be offered a clear explanation of the intended processing of their personal data (the Fair Processing Notice).
If the intention to film and record the individual is raised once the recording has started, the permission is likely to be deemed inadequate and non-compliant. The approval must be requested before filming when there is no pressure for the candidate to agree, and where the candidate still has the option to decline.
To adhere to GDPR compliance, Hinterview makes it impossible to commence the recording until the candidate has read and agreed to the terms and conditions. Once approved, the webcam connects, but the recording won't begin until the candidate has been briefed and appropriately informed.
When choosing a video interview software for your agency, this question should be at the top of the list.
2. Storage (GDPR compliant storage of a video interview)
There are a specific set of storage requirements that a video interview software company must follow. The recording can’t be randomly thrown in an online folder, it must be placed in a designated, safe and access-controlled environment.
When choosing a video interview software, it’s important to check the company have the appropriate functions that allow you to delete your recordings when necessary.
Under the storage limitation principle of GDPR (Principle 5), the organisation must not retain any data if you no longer require it for the purposes defined and agreed upon. Your video interview company must provide the tools required to delete recordings, but remember that it’s the responsibility of the Data Controller (the recruitment agency) to do so.
3. Accuracy (GDPR compliant searches and tags)
Any personal data stored must be as accurate and as current as possible in order to achieve the intended purpose. This means the third-party video interview company you decide to engage needs to have the functions required to search for and find past recordings in order to allow them to be updated.
Hinterview enables users to leave notes on any recording. This way, if a recruiter did need to update a candidate's information they can do so easily and efficiently. All recordings can be located via identifiable tags. As thousands of video interviews are recorded each month, you can imagine this could get a little messy without an appropriate filing methodology.
The video interview software companies who do not save their recordings in an identifiable and searchable area are putting agencies at risk. If your candidate requests that their personal information is deleted (which is one of the individual rights under the GDPR), but the data can't be located, the organisation could find itself in trouble with the Information Commissioner’s Office (ICO).
Great. So what does this mean for you?
Ultimately this means your agency needs to invest in a supplier you trust entirely. If your third-party service provider cannot demonstrate the ways in which they address these essential data management principles and fulfil their GDPR obligations, then you need to keep looking!
Look out for companies who have proactively invested in achieving compliance and have gone through the paces themselves, in order to keep your agency, your reputation and your candidates’ data, safe.
In the case of Hinterview, we entrusted Sytorus, a leading provider of data protection solutions, to delve deep into our process and ensure that we have the policies and protocols in place to fulfil our compliance obligations.