Given the nature of its business, Smartree has always been concerned with security issues and has implemented data back-up and data protection procedures, functional business continuity and disaster recovery plans before May 25th, 2018. These procedures have been updated, revised and improved to respond to the new GDPR regulations. Since its debut, data confidentiality has been at the core of Smartree’s business, with employees attending workshops and training on a regular basis.
Smartree is constantly involved in processing of personal data, whether it’s about accessing resumes received in the recruitment operations or processing payroll data on behalf of our clients. GDPR compliance procedures have been initiated within Smartree since November 2017, when we launched an extensive audit of the workflow of all our departments involved in processing personal data. Following this audit, besides the existing security measures, new organizational measures have been documented and established to ensure the compliance with GDPR of the payroll applications and of other services provided by Smartree.
In order to be able to supervise the accurate implementation of the new procedures and to continue to provide services to clients under the new legislation, has appointed an outside expert as Data Protection Officer (DPO).
Moreover, following the internal audit, we also took a series of measures to provide protection of all personal data flows. These include personal data security certifications of all our data center subcontractors, limiting the access to personal data information within the company, multiple security layers and tracking or deleting the data after the purpose for which it was collected was reached.
Another measure adopted within the company is the training of employees, who took part in numerous induction courses on the basic concepts of GDPR. Thus, Smartree specialists have learned what personal data means, what are the actions of processing this type of data and what rights individuals have in relation to processing their data. Our colleagues have also a variety of support materials and can reach out at any time to the company’s DPO to find the best GDPR solutions. In-depth trainings were held with each department a few weeks before the GDPR came into force on May 25, 2018. These meetings focused on department-specific processes and on the procedures to be followed to ensure that data is collected and managed in line with the new European regulation.
In dealing with our clients, we place a special emphasis on transparency. That’s why we have initiated constant communication activities on this matter in order to prepare for alignment with the GDPR norms. In addition, we have already implemented new procedures for submitting personal data and in the following period of time we will focus our resources on developing an automated and secure flow of personal data.
As for the candidates, but also for any other person concerned, we have adopted procedures that help us come before them when choosing to exercise one of the rights guaranteed by the new legislation.