Assign topic to the user
EU GDPR DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
EU GDPR DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
EU GDPR DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
Answer:
Legitimate Interest is one of the six lawful/legal basis for processing personal. The other five are a legal obligation, pursuance/execution of a contract, to protect the vital interests of the data subject or some other person, to perform a public task and consent of the data subject. If you want to get more information on the legal basis on which you can process personal data check out this article Is consent needed? Six legal bases to process data according to GDPR: https://advisera.com/eugdpracademy/knowledgebase/is-consent-needed-six-legal-bases-to-process-data-according-to-gdpr/
2. With your other clients, during the Human Resource application and hiring processes, are consents needed when an employee applies for a job AND when hired?
Answer:
The lawful basis in recruitment I usually pursuance of a contract as both parties are interested in concluding a work contract (labor agreement). Only for unsuccessful candidates, if yo u want to still keep their CVs you would need to rely on either legitimate interest or consent.
3. If an employee applies over the internet, how is Consent generally obtained?
Answer:
As I mentioned while answering your question consent is not usually used in recruitment. However, if you want to consent over the internet usual there is a checkbox that the data subject needs to check.
4. Could the applicants' consent be considered given freely s the job applicant is giving their personal data on the application?
Answer:
The lawful ground for processing CVs is pursuance of a contract and not consent.
5. Also, what are the definitions of Legit Interest Purpose?
Answer:
Legitimate interests mean that the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. The GDPR highlights certain purposes that either ‘constitutes’ legitimate interest or ‘should be regarded as’ a legitimate interest. These are fraud prevention, network, and information security; and avoiding possible criminal acts or threats to public security. There are just some examples.
6. Lastly, do you have guidance on how other clients have documented their use of Salesforce? I believe Salesforce is used to collect names and business email address for marketing purposes.
Answer:
Usually, Salesforce should be considered a processor on behalf of its clients and a Data Processing Agreement should be in place between Salesforce and its Clients. If you use Salesforce to collect data ensure that you have a lawful basis correctly identified in this case it would be either consent or legitimate interest. If you want to find out more about marketing and GDPR check put this free webinar How GDPR affects marketing practices: https://advisera.com/eugdpracademy/webinar/how-gdpr-affects-marketing-practices-free-webinar-on-demand/
Comment as guest or Sign in
Jul 19, 2019