GDPR Compliance

Broadbean is committed to continuous improvement, ensuring we hold ourselves in compliance with all necessary regulatory standards, including GDPR.

As data processors, Broadbean often hold Personal Data on behalf of our clients, but we also recognise that different customers will have different requirements from our products in this regard.

We provide a range of configurations, tools and features to accommodate these different requirements, allowing our clients to manage their data and compliance measures and to implement their own policies and compliance standards effectively.

For example, we allow customers to define their own data retention periods appropriate to their business purpose and provide automated methods to remove expired data; provide extra ways to capture candidate consent or distribute privacy policies; and provide candidate detail retrieval, export and delete facilities for clients to manage their Data Subject Access Requests, Data Portability and Data Erasure rights.

Further information is available in our Data Processing Agreements and associated schedules and policies, listed below.

Data processing agreement: Direct Employers and RPO

What’s in it?

Obligations of Broadbean as a data processor
Obligations of data controllers we’re working with
The procedure in the case of a security breach
Deletion/return of data and data retention procedures

Data processing agreement: Recruitment Agency

What’s in it?

Obligations of Broadbean as a data processor
Obligations of data controllers we’re working with
The procedure in the case of a security breach
Deletion/return of data and data retention procedures

Broadbean Application Privacy Policy

What’s in it?

Collection and use of personal information of users of Broadbean applications
Details of the personal information we collect from users and why
Third party data policies
Protection and retention of data

Additional Information

Useful external links

We’ve put together a list of resources we hope you’ll find useful when considering your GDPR compliance.

Information Commissioner’s Office (ICO) Guide to General Data Protection Regulation (GDPR)

ICO advice on lawful basis for processing personal data, covering Consent

ICO advice on lawful basis for processing personal data, covering Legitimate Interest

Official WP29 guidelines on obtaining and demonstrating valid consent under GDPR

The ICO have published some further detailed guidance on legitimate interests, including some examples specific to the recruitment industry towards the end of the page

If you want to know more, simply get in touch with us.