GDPR

The GDPR (General Data Protection Regulation) is legislation crafted to enhance and harmonize data protection laws for individuals within the European Union. This regulation became enforceable on May 25, 2018, with the aim of strengthening data privacy and security measures across the EU.
The General Data Protection Regulation (GDPR) supersedes the Data Protection Directive (DPD 95/46/EC) and amplifies the rights of EU individuals regarding their data while bolstering data privacy measures. Its implementation fundamentally alters how organizations worldwide handle data privacy. While originating as a European Union regulation, GDPR extends its impact globally, affecting all businesses that process or control data belonging to European citizens.

What is the aim of GDPR?

The primary objective of the GDPR is to provide EU citizens (including the UK) with robust protection against data breaches and to fortify the privacy of their personal data. Under the GDPR, the definition of "personal data" is extensive, encompassing any information pertaining to an identified or identifiable individual, referred to as a "data subject."

GDPR empowers individuals, such as customers and citizens, with a range of data subject rights, which they can exercise under specific conditions, with a few exceptions.

Key changes introduced by the GDPR include:

Expanded rights for individuals: The GDPR offers enhanced rights for EU individuals, including the right to be forgotten and the right to request a copy of their stored personal data.

Compliance obligations: Organizations are required to implement suitable policies and security measures, conduct privacy impact assessments, maintain detailed records of data activities, and establish written agreements with vendors.

Data breach notification and security: The GDPR mandates organizations to report certain data breaches to data protection authorities and, under certain circumstances, to affected data subjects. It also imposes additional security requirements on organizations.

New requirements for profiling and monitoring: Organizations engaged in profiling or monitoring the behavior of EU individuals face additional obligations under the GDPR.

Increased enforcement: Authorities have the power to impose fines on organizations, amounting to the greater of €20 million or 4% of the company's annual global revenue, depending on the severity of the breach and resulting damages. Additionally, the GDPR establishes a central point of enforcement for organizations operating in multiple EU member states, requiring them to collaborate with a lead supervisory authority for cross-border data protection issues.

How does Kakoo comply with GDPR?

Kakoo is fully committed to complying with the General Data Protection Regulation (GDPR) in our capacity as a data processor. Given the complexity of GDPR, we have diligently collaborated with privacy experts and legal counsel to ensure thorough compliance.

Here's an overview of our efforts to achieve GDPR compliance:

Appointment of a Data Protection Officer: We have appointed a dedicated Data Protection Officer to oversee GDPR compliance and ensure alignment with regulatory requirements.

Extensive research: We have conducted comprehensive research to identify areas within our product and business operations impacted by GDPR.

Revision of Data Protection Agreement (Privacy Policy): Our Data Protection Agreement (Privacy Policy) has been carefully rewritten to align with GDPR standards and inform users about their rights and our data processing practices.

Development of strategy and guidelines: We have developed a clear strategy and guidelines to address GDPR requirements within our product and business processes.

Product enhancements: Necessary changes and improvements have been made to our product to ensure compliance with GDPR, as outlined in the "Acknowledging Data Rights" section.

Internal process updates: We have implemented required changes to our internal processes and procedures to achieve and maintain GDPR compliance.

Rigorous testing: All changes and updates have undergone thorough testing to validate compliance with GDPR standards.

Communication of compliance: We have communicated our GDPR compliance efforts through our website to assure users of our commitment to data protection and privacy.

By undertaking these measures, Kakoo strives to uphold the highest standards of data protection and privacy in accordance with GDPR regulations.

Acknowledging data rights

Right to access: The right to access signifies that individuals have the authority to request access to the personal data that organizations possess about them. To comply with this regulation, Kakoo offers the "Update Resume" feature, which enables users to send candidates a link. Through this link, candidates can access all the information that Kakoo has stored about them, thereby facilitating their right to access their personal data.

Right to rectification: Through the "Update Resume" feature, candidates can edit, update, and rectify any missing, incorrect, or outdated information stored about them.

Right to erasure: If requested, Kakoo promptly deletes a candidate or client's information upon selection, ensuring their personal data is permanently erased from the system.

Right to restrict processing: Kakoo allows users to tag candidates to restrict their profile, ensuring they are not sent to hiring managers or contacted for job opportunities.

Right to data portability: Users can export their data from Kakoo through the Admin settings, enabling them to transfer it to another electronic processing system.

Right to object: Kakoo lets users tag and filter candidates and contacts who do not wish to receive emails, allowing them to opt out of communication from recruiters.

Rights in relation to automated decision-making and profiling: Kakoo ensures that all activities, including candidate submissions and emailing contacts, involve human user decision-making, avoiding automated decision-making or profiling processes that could impact individuals' rights.

Advanced Security

As a software company, we prioritize the security of our customers' data, especially in light of potential threats such as malware attacks like WannaCry and Meltdown. In the event of a data breach where your information could be compromised, it is our responsibility as the data processor to promptly notify you without undue delay.

To safeguard your data, we employ stringent security measures. All data is encrypted and stored in top-tier data centers managed by Amazon Web Services (AWS). Additionally, we utilize various AWS services to ensure regular data backups and availability.

In preparation for GDPR compliance, we have undertaken numerous changes and initiatives to facilitate a smooth transition for our customers. Despite these changes, our core focus remains on simplifying recruiters' lives with our exceptional software.

This information is intended as background to help you understand how Kakoo has addressed some important GDPR requirements that you are legally obliged to comply with under EU laws.