Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Talent pool as a Saas and the company needs to manage GDPR - you still have acces to your data. Still open how you monitor the company as required by GDPR, but at least you can redirect angry candidates.


In that scenario, you are the data controller and the GDPR obligations ride on you.


Yes, but the obligations are very different.

(simplified)

* You need to have a data processing agreement with the Saas company X.

* You need to tell candidates in your privacy information that you send data to X

* You need to make sure X is properly implementing the data processing agreement (currently not clear how you do this except using e.g. PwC to review X)

If you have the data, you need to tell the candidate what you do to protect it, backup it, restrict access to it etc.

(also if e.g. the talentpool feature is provided by LinkedIn based on LinkedIn data you're not responsible under the GDPR, only if you sent data to X or X collects data on your behalf e.g. in a web form)




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: