TestGroup and the GDPR

The General Data Protection Act (GDPR) is applicable from 25 May 2018. This news item explains the measures taken by TestGroup to protect the data privacy of candidates.

The General Data Protection Act (GDPR) is applicable from 25 May 2018. The GDPR will improve candidates’ rights with regard to data protection. The GDPR aims to increase transparency in the way personal data is processed. We have made changes to the Bridge assessment platform to bring it in line with the GDPR. We have also drawn up a data processing agreement for our customers.

The main points of the GDPR:

1. The reasons for an organisation to record data must be clear;
2. Candidates must give permission for the data to be saved and processed;
3. Candidates have more rights, including the right to have their data deleted;
4. Everything an organisation does with personal data must be demonstrably recorded;
5. Businesses and organisations must record and save only data that can be justified;
6. The security of information must be in order;
7. If personal data for which you are responsible is processed by external parties, this must be drawn up in a data processing agreement.

In practice, this means that as a customer of TestGroup, you are ‘the responsible party’ in accordance with the GDPR. Under the GDPR, TestGroup is the ‘Processor’, because TestGroup processes data in our systems on behalf of customers. We have made changes to the Bridge assessment platform, so that you fulfil the GDPR requirements.

GDPR changes to the Bridge Assessment Platform:

1. A screen has been added to the candidate login, on which a candidate is requested to give permission for saving and processing data, referring the candidate to TestGroup’s privacy statement. In your account, you can see whether or not your candidate has given permission.
2. Bridge assessment account-holders can delete all of a candidate’s data (including the reports). You can also delete the data of all candidates in the system (per year). We advise you to delete data that is older than 24 months, thus complying with the GDPR regulations.
3. TestGroup believes that real protection of candidates’ data is only possible if this data is saved and processed anonymously. So you no longer need to save personal data on the Bridge assessment platform. The system provides the option of creating and saving a candidate’s profile anonymously. The assessment report is also created anonymously. NB: you still have the option of creating a candidate’s profile with their name/first name.
4. The sort of data we process can be found in our privacy statement. If you save data in other systems within your own organisation, you must describe and record this process yourself.
5. All the TestGroup systems are optimally set up for data protection.

If external parties process personal data for which you are responsible, this must be set out in an agreement. For you, TestGroup is an external party that processes personal data. We have therefore drawn up a data processing agreement that fulfils the GDPR requirements.