GDPR Statement

The new EU General Data Protection Regulation (GDPR) comes into force on 25 May 2018 (including in the UK regardless of its decision to leave the EU) and will impact every organisation which holds or processes personal data. It will introduce new responsibilities, including the need to demonstrate compliance, more stringent enforcement and substantially increased penalties than the current Data Protection Act (DPA) which it will supersede.

Front of Class will comply with applicable GDPR regulations as a data processor when they take effect on 25th May 2018. Working in conjunction with our clients, we will explore opportunities within our services offerings to assist our customers to meet their GDPR obligations.

We are committed to address EU data protection requirements applicable to us as a data processor. These efforts have been critical in our ongoing preparations for the GDPR:

Data processing:

Our ability to fulfill our commitments as a data processor to our customers, the data controllers, is a part of our compliance with GDPR where data controllers are using a third-party like us to process personal data.

Privacy Shield Principles:

To learn more about the Privacy Shield Framework and the Privacy Shield Principles, please visit the U.S. Department of Commerce’s Privacy Shield website at https://www.privacyshield.gov.

Data portability:

The GDPR includes certain requirements on data controllers for the portability of personal data. The data our customers store in Front of Class is theirs. We provide for portability and are continually working to enhance the robustness of our data export capabilities.

Where Do You Stand?

As a current or future client of Front of Class, now is a great time for you to begin preparing for the GDPR as a data controller. Consider these tips:

Get to know GDPR: Familiarise yourself with the provisions of the new regulation, particularly how it may differ from your current data protection obligations and consider the relationships you have with both your clients and candidates. Also, note the variance of local provisions which may be superseded by the new regulations when they become EU law in May this year. Be aware that new requirements may require new solutions that meet the stringent requirements ahead.

Audit your data and processes for data capture: Consider creating an updated and precise inventory of personal information that you control. Review your current controls and processes to ensure that they're adequate, and build a plan to address any gaps. Here are some steps you can take today:

1. Review your field maps2. Review your process documentation3. Ensure you have a lawful basis for processing the data

Stay informed: Stay abreast of updated regulatory guidance as it becomes available and consider consulting a legal expert to obtain guidance applicable to you. We recommend regular review of the Information Commissioner's website, which is the UK representative within the EU working group: Article 29.

Cookies

We use cookies on our website for many purposes. They help us to provide you with a good experience when you browse our website and allow us to improve our site. By continuing to browse the site, you are agreeing to our use of cookies.

You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) some parts of our site, might not be fully functional.

‍