GDPR enforcement: Central Test is fully compliant
May 25th 2018 marks the first day of enforcement of GDPR, the new European General Data Protection Regulation. A few months ago, we addressed how Central Test was working towards complying with the new European regulation.
We are committed to transparency and security, both forming an integral part of our code of conduct. Today, we are pleased to announce that we are fully compliant with the new data protection regulations:
- Obtaining consent from everyone: we make sure that our clients comply both with GDPR and the code of ethics with regards to psychometric testing. We have facilitated the process of obtaining candidates’ consent prior to the completion of the assessments, namely by providing our clients with the relevant documentation.
Furthermore, when a trial offer request is made on Central Test’s website, we obtain consent to process the information provided, in accordance with the Data Protection and Cookies Charter.
Lastly, we have renewed the consent of all of the clients and participants on our platform so that they may express their wish to keep receiving news from us, as well as invitations to HR events or webinars.
- Inventory of all the data processed: we have created a register of all of our data processing activities, outlining all of our procedures with regards to the collection of personal data, and mapping those that require human resources processing, by precisely identifying the purpose for the data collection.
- Data Processing Agreement between the Provider (Central Test, as a psychometric publisher) and the Data Processing Controller (Central Test’s Clients). We have formalized the new legal obligations of both the Data Controller and the Sub-Contractor Provider when processing data, namely the obligation for the Sub-Contractor (Central Test) to act only in accordance with documented instruction of the Controller, and for the purpose defined by the latter.
- Internal rules of the company or Binding Corporate Rules: regarding the Central Test group as a whole, including our subsidiaries located outside of the European Union, we have taken security measures in case of possible data transfers outside the EU. We have thus set up BCR’s requiring subsidiaries outside of the EU to comply with contractual obligations, corresponding to the requirements of the European General Data Protection Regulation.
Central Test remains at your disposal for any questions with regards to our approach to GDPR.