JXT's GDPR commitment statement
JXT's GDPR commitment statement
Dated: 10 February 2018
The EU General Data Protection Regulation (GDPR) is a major change to the European privacy legislation. It has replaced the 1995 EU Data Protection Directive (European Directive 95/46/EC) and will strengthen the rights that EU individuals have over their data, and creating a uniform data protection law across Europe.
JXT has taken significant steps to ensure that it will comply with applicable GDPR regulations as a data processor when they take effect on 25th May 2018.
JXT will be working with our clients to ensure they meet their GDPR obligations.
JXT is committed to comply with the EU data protection requirements applicable as a data processor.
We have been preparing for GDPR:
Our ability to fulfil our commitments as a data processor to our customers, the data controllers, is a part of our compliance with GDPR where data controllers are using a third-party like us to process personal data. Because of this requirement, Bullhorn has worked extensively with local EU counsel to provide that our Master Subscription Agreement and related agreements contain appropriate provisions for personal data we store, and balance the risks and responsibilities between data controllers and data processors.
Third-party audits and certifications:
JXT conducts yearly security audits to ensure security protocols are being followed, these audits are independently conducted.
JXT has also implemented a range of reviews and audits that cover the key elements associated with GDPR. These elements are: Corporate Governance, Change Management, Access Control and Management, Data Redundancy and Backup and Software Architecture and Software Development.
JXT has also worked on data portability as GDPR includes certain requirements on data controllers for the portability of personal data. The data JXT store on behalf of its clients is theirs.
JXT allows for exporting of data through the platform.
Your responsibility as a JXT Client:
JXT clients for GDPR are the data controller.
Below is some information that you may want to consider.
Read the outline on the Commissioner’s website. Assess how it may differ from your current data protection obligations and consider the relationships you have with both your clients and candidates. You should be aware that the new requirements may require new solutions that meet the stringent requirements ahead.
Understand your data and processes:
Review how you collect and use data for your business and review how you keep, control and processes the data to ensure that you comply. If there are any gaps you should address them asap. This is what we suggest you do:
1. Review the data you collect
2. Review your internal data documentation
3. Ensure you have a lawful basis for processing the data
As with all policies, they can change and it is important that you stay up to date. If the documentation and policies are confusing to you, you should consider engaging a legal expert in the field of privacy. We recommend regular review of the Information Commissioner's website, which is the UK representative within the EU working group: Article 29.
JXT is working towards the key implementation date of 25 May 2018. We will continue to educate our staff and clients as to how they can be compliant.
JXT has taken care in preparing this statement and is correct as at February 2018. JXT are not experts in GDPR, if you are not aware of your obligations you should seek legal advice. This document is for informational purposes only. It is subject to change or removal without notice.