Ascent People Ltd takes data gathering, processing and use very seriously and we have been working to become GDPR complaint for some time and have been following the developments with GDPR closely in order to become compliant since the issue arose.
Our primary objective is to maintain outstanding levels of service for our candidate and client base whilst providing a world-class recruitment service, all within GDPR requirements.
The data that Ascent People Ltd gathers is gathered lawfully and for specific purposes only. To be GDPR compliant, we will always seek consent to store and process data in a clear and affirmative way with a timescale on storing data agreed at point of consent. Ascent People Ltd will always have confirmation that we can hold their PII with an audit trail (if verbal, an audit trail will be created.)
We will provide the following information to the Data Subject during the consent process:
Ascent People Ltd classes all internal notes and correspondence with candidates or to 3rd parties about correspondence as PII. We will make the PII and records and any notes accompanying the data available to those who the record involves. We will supply the source of where we gathered the data and request consent to use data within 30 days of gathering the data. Upon request, we will amend data if requested. We will also remove and permanently delete data from the consented databases as soon as possible at any time should it be requested.
Ascent People Ltd shall only work with Data Processors (companies who store the data on our behalf) who guarantee to support the rules of GDPR.
Ascent People Ltd is waiting on advice regarding the portability of data, should a data subject request all data and how this might have to be provided to another data controller.
In the event of a data breach, Ascent People Ltd will notify the regulator within 72 hours.
Ascent People Ltd is continually developing an audit of all data within the business and this is assisting in our drive to become GDPR compliant.
Data will only be stored on our CRM system or where consent from an affirmative action has been given.
Ascent People Ltd acknowledges that the new requirements for consent will not necessarily cover all existing data held. Like most recruitment companies, we are potentially in possession of Data Subject PII with no audit of consent and no evidence that we have engaged with the Data Subject or supplied a service and will therefore be seeking affirmative action in order to gain consent to hold this data moving forward, within a reasonable timescale, in order to be GDPR compliant.
Ascent People Ltd is holding training with its employees as the picture regarding GDPR becomes clearer for the industry and Ascent People Ltd.
If you have any questions about Ascent People Ltd approach to GDPR, then please contact the Data Officer, Nadine Bramley, on enquiries@ascentpeople.co.uk
Data controller: Ascent People Ltd
Data Subjects: Candidates, suppliers, staff, clients
PII: Personally Identifiable Information