JXT's GDPR commitment statement
JXT’s GDPR commitment statement
Dated: 10 February 2018
The EU General Data Protection Regulation (GDPR) is a major change to European privacy legislation. It has replaced the 1995 EU Data Protection Directive (European Directive 95/46/EC) and will strengthen the rights that individuals within EU will have over their data, creating a uniform data protection law across Europe.
JXT has taken significant steps to ensure that it will comply with applicable GDPR regulations as a data processor, once they have taken effect on 25th May 2018.
JXT will also be working with their clients to ensure they meet their GDPR obligations.
JXT is committed to comply with the EU data protection requirements applicable as a data processor.
We have been preparing for GDPR:
Our ability to fulfil our commitments as a data processor to our customers, the data controllers, is a part of our compliance with GDPR where data controllers are using a third-party like us to process personal data. Because of this requirement, Bullhorn has worked extensively with local EU counsel to provide that our Master Subscription Agreement and related agreements contain appropriate provisions for personal data we store, and balance the risks and responsibilities between data controllers and data processors.
Third-party audits and certifications:
JXT conducts yearly security audits to ensure security protocols are being followed, these audits are conducted independently.
JXT has also implemented a range of reviews and audits that cover the key elements associated with GDPR. These elements are: Corporate Governance, Change Management, Access Control and Management, Data Redundancy, Backup and Software Architecture, and Software Development
Because GDPR imposes certain requirements on data controllers regarding the portability of personal data, JXT has been working on data portability, The data JXT stores on behalf of its clients is theirs. JXT allows for exporting of data through its platform.
Your responsibility as a JXT Client:
JXT clients for GDPR are the data controllers.
Below is some information that you may want to consider.
Read the outline on the Information Commissioner’s website. Assess how it may differ from your current data protection obligations and be be sure to consider the relationships you have with both your clients and candidates. Keep in mind that the new regulations may require solutions which effectively meet the stringent requirements that have been established.
Understand your data and processes:
Review how you collect and use data for your business, as well as how you store, control, and process the data. Make sure that you comply with new requirements, any gaps should be addressed as soon as possible. We suggest that you:
1. Review the data you collect
2. Review your internal data documentation
3. Ensure you have a lawful basis for processing the data
As with all policies, this may be subject to change, making it important that you stay up to date. If the documentation and policies are confusing to you, you should consider engaging a legal expert in the field of privacy. We recommend regular review of the Information Commissioner's website, which is the UK representative within the EU working group: Article 29.
JXT is working towards a key implementation date of 25 May 2018. We will continue to educate our staff and clients as to how they can be compliant
JXT has taken care in preparing this statement and is correct as of May 2018. JXT are not experts in GDPR, if you are not aware of your obligations you should seek legal advice. This document is for informational purposes only. It is subject to change or removal without notice.