General Data Protection Regulation
ETEACH'S COMMITMENT TO THE GDPR
The GDPR (General Data Protection Regulation) protects the data of all individuals within the European Union. The regulation came into effect on the 25th May 2018.
What is eTeach doing about the GDPR?
eTeach.com and FEjobs are fully GDPR-compliant web platforms. The system has recently undergone a fundamental upgrade in processes and services for schools and colleges. Additional upgrades will continue to be rolled out during 2018 which will allow all education establishments to take control over their own recruitment process and create a completely GDPR-compliant recruitment process.
Flexibility on school’s visibility of candidate data
Schools using the eTeach or FEjobs system have a great deal of visibility over applicant data, not all of which needs to be processed by all staff members. We understand that each school is different, so the system contains the facility to update your own account settings allowing you to:
- Specify the level at which each shortlisting team member can access candidate data
- Archive old vacancies thereby deleting applicant data from your account
- Pre-set the number of days for which applicant data is stored and automatically deleted
- Let candidates know how long you will be storing their applications.
Cyber essentials certification
eTeach has a certificate of assurance from Cyber Essentials which details our compliance with the requirements of the Cyber Essentials Scheme.
Microsoft cloud and security
By using Microsoft cloud, we are using industry-leading security measures and privacy policies to safeguard your data in the cloud, including the categories of personal data identified by the GDPR. Candidate data is safely and securely stored within the EU and all data traffic is securely encrypted. Our in-house systems implement secure passwords and registration and login processes compliant with GDPR, as well as fully encrypting web traffic.
All candidate data stored on eTeach and FEjobs servers and our backup systems are encrypted. Encrypting the data keeps it more secure and protects from hacking attempts.
What do eTeach customers need to do?
It is the recommendation of eTeach that schools move away from downloadable, paper forms, i.e. the attachment of word documents or forms that are emailed between the candidate, job board and hiring staff. In our view this method is not secure and will possibly mean many schools and HR providers will have a problem with GDPR compliance.
As a recommended alternative, we would advise making use of the eTeach online application forms. Using its bespoke online application forms, the eTeach system allows the collection of candidate data electronically, and delivers the data directly into your system to be processed or viewed as if through a secure window. Candidate data is secured behind an encrypted and password-controlled environment.
Furthermore, schools are encouraged to think about the questions on their application form and ask: ‘Do we need a candidate to answer this question in order for us to shortlist?’. National insurance number, bank details, and reasonable adjustments are a few examples of information that you generally don’t need to know when shortlisting. Minimising the number of questions asked will be a positive step in your school’s recruitment – not only will this reduce the risk of non-compliance, it will also streamline your recruitment process resulting in more candidate applications – 60% of schools and colleges lose excellent candidates due to long and arduous application forms.
Users of the online application method
Via our platform, customers have the option to include an equal opportunities form or exclude it completely. If schools choose to include it, eTeach has the capability to collect information of a sensitive nature and store it in a secure way. Once a candidate completes the equal opportunities form, the data will be transferred to a separate, encrypted database. Schools will have the ability to export this data by vacancy and date at the most granular level without exposing the individual candidates. This granular data will include the status of each candidate in a vacancy workflow.
As you move the applicant from one workflow to another, their data will be updated in the encrypted database. This way, at any point in time, you will be able to extract the data and examine the fallout rate of candidates for a single vacancy or a set period of time. This is all that is required to demonstrate your compliance to equal opportunities.
Users of a downloadable equal opportunities form
Once a candidate has completed and uploaded your equal opportunities form, it will be sent to the school at the email address chosen but will NOT be stored in the eTeach database.
Moving forward, schools must collect equal opportunities data on a separate form and not keep this data on the main application form as we believe that storing this data is both unnecessary and a major security risk. If you choose to continue to collect equal opportunities data within your main application form, it is at your school’s risk and eTeach will take no responsibility. You will also not be able to report on the data as detailed above and will need to compile your own statistics.
Frequently Asked Questions
Does eTeach/FEjobs undertake any marketing?
How are we gaining consent from our mailing lists?
Do you keep a record of candidate consent?
How do you collect personal information?
What consent has been given by the applicants in terms of holding their personal data?
What do candidates consent to on eteach.com and fejobs.com?
Once candidates have uploaded their information on your system, at what point does it get deleted from your system?
Can an individual request to be taken off your website?
Where will candidate data be processed and where will the data be stored?
What policies and procedures do you have in place to protect personal data?
When members of staff with access to eTeach/FEjobs leave, when are their accounts removed from the system?
Does your organisation obtain any personal data from third party sources?
Have you appointed any sub-processors?
Do you transfer or store data outside of the EEA?
Is your organisation required to appoint Data Protection Officer (DPO)? If so, what is the name of your DPO?
Has eTeach Group carried out GDPR training for their members of staff?
What arrangements are you putting in place to identify any data security breaches?
What technical and organisational security measures do you have in place to protect personal data?
Who can access school or college data? Under what circumstances and what can they see? Is this access tracked?
How does your organisation ensure that personal data held on IT systems is kept up to date?
How do you manage the version release process on your platform to ensure adequate levels of data protection?
How long do schools or colleges have access to applications for?
Will there be any generic wording added to application forms or will that be the responsibility of the school or college?
Who owns candidate data when an application is made?
What is the best practice for dealing with applications that were not successful?
Do you have procedures in place to delete or return (at the Data Controller's choice) all personal data at the end of the agreement (unless by EU/member state law)?
Will you be able to maintain a record of all processing being carried out on behalf of a particular school, college or group?
Does your organisation make any decisions about individuals solely on an automated basis?
Do you process data about school or college staff to a website? If so, what?
Is any of the personal data that eTeach/FEjobs processes anonymised?
What is the nature and purpose of the data processing carried out by eTeach/FEjobs?
What is the subject matter and duration of the data processing carried out by eTeach/FEjobs?
What would happen to any data you hold if we ceased our contract with you? What are the retention periods?
Do the contracts/terms and conditions document that schools have with you reflect GDPR?
I’m new to the GDPR and would love more details on what it is
The Information Commissioner’s Office (ICO) has issued a guide to explain the provisions of the GDPR to help organisations comply with its requirements: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/