The 25th May 2018 has passed. Where do we go from here?
The new regulation has resulted in keen awareness of the kinds of personal information being gathered, processed and stored by businesses and organizations. For many, the number of companies getting in touch to request updated contact information came as a surprise and raised a lot of questions: Did I freely give my personal data to so many organizations? What was done with it?
The GDPR increases awareness and control over how individuals’ private data may be used. This is a long overdue change, given the amount of data amassed by organizations and the prior limits in accountability to persons sharing their details.
Psychometric Testing and GDPR Compliance
The new legislation has important implications for those of us working with psychometric tests. If you conduct testing for businesses and clients, or process assessments at the request of others, you work with personal data.
While the GDPR is consistent with many existing psychometric test user’s privacy policies, very specific processes and guarantees of individual rights are now required. It is a good idea to review your own data privacy and security policy to evaluate consistency with the new legislation.
More than just ensuring legally required procedures are in place, compliance with the new legislation may require a change in perspective. Fulfilling the new obligations to protect individual data will require dedication and effort. Both businesses and individuals will continue to learn about their rights and responsibilities under the new legislation. Compliance with the GDPR is an on-going process, rather than an accomplishment.
With this in mind, we’ve put together some useful resources related to psychometric testing and GDPR compliance. Even if you were well-prepared for the 25th May, these references may help you in moving forward:
A useful webpage summary from the British Psychological Society of the key changes with the GDPR legislation, including individual rights, the data protection principles and definitions of data subjects, processors and controllers. Links to further useful sources of information are provided.
This brief paper by Andreas Lohff from Cut-e presents considerations for recruiters related to the GDPR. It includes discussion of the rights of job candidates.
The website for the Data Protection Commission provides specific, highly detailed implications of the GDPR for individuals and organizations. It contains useful links and will be regularly updated, so may be a good resource for tracking new developments.
This website provides extensive and easily navigated information on all components of the GDPR. It is a thorough and highly useful reference source.
We hope this information will help you to monitor and maintain your compliance moving forward.