Broadbean is committed to continuous improvement, ensuring we hold ourselves in compliance with all necessary regulatory standards including GDPR.
As data processors, Broadbean often hold Personal Data on behalf of our clients but we also recognise that different customers will have different requirements from our products in this regard.
We provide a range of configurations, tools and features to accommodate these different requirements in order to allow our clients to manage their data and compliance measures and effectively implement their own policies and compliance standards.
For example, we allow customers to define their own data retention periods appropriate to their business purpose and provide automated methods to remove expired data; provide extra ways to capture candidate consent or distribute privacy policies; and provide candidate detail retrieval, export and delete facilities for clients to manage their Data Subject Access Requests, Data Portability and Data Erasure rights.
Further information is available in our Data Processing Agreements and associated schedules and policies, listed below.
Data processing agreement: Direct Employers and RPO
What's in it?
Data processing agreement: Recruitment Agency
Obligations of Broadbean as a data processor
Obligations of data controllers we're working with
The procedure in the case of a security breach
Deletion/return of data and data retention procedures
Collection and use of personal information of users of Broadbean applications
Details of the personal information we collect from users and why
Third party data policies
Protection and retention of data
Useful external links
We've put together a list of resources we hope you'll find useful when considering your GDPR compliance.
Information Commissioner's Office (ICO) Guide to General Data Protection Regulation (GDPR)
ICO advice on lawful basis for processing personal data, covering Consent
ICO advice on lawful basis for processing personal data, covering Legitimate Interest
Official WP29 guidelines on obtaining and demonstrating valid consent under GDPR
The ICO have published some further detailed guidance on legitimate interests, including some examples specific to the recruitment industry towards the end of the page
If you want to know more, simply get in touch with us.