The General Data Protection Regulation (“GDPR”) law comes into force on May 25, 2018. EU citizens and residents will have more control over their own personal data and companies will have to be compliant, by law, to a host of factors set out by the regulation.
CodinGame has ensured that it is compliant with the General Data Protection Regulation as of the 25th May.
Our Main Goals
Our main objectives when implementing GDPR were as follows:
Be 100% compliant
The most important objective in implementing GDPR was to ensure full compliance behind the scenes at every step, assuring our customer base that their personal data is being collected, stored and processed in line with the new law.
From engaging our team in GDPR training so that everyone at CodinGame knows exactly what they can and can’t do with a candidate’s data to making sure that there is a Data Processing Agreement (“DPA”) in place with anyone who we work with, we’ve left no stone unturned.
Create effective processes
CodinGame has done substantial groundwork leading up to the 25th May so that we have sound processes in place for effectively and compliantly managing candidate’s data.
For example, a candidate now has the right to be forgotten. All a candidate has to do is contact CodinGame and their details – such as their name and address – will be permanently deleted, rather than just ‘ghosted’ or ‘paused’. We can, however, effectively separate data, so that important data relating to score statistics and so on, can still be retained in order to continue optimizing our services.
By implementing sound GDPR procedures, CodinGame can smoothly manage and communicate to candidates about their data, whilst still effectively leading the way in tech recruiting, helping HR departments find and retain their tech talent.
Our GDPR Procedures
In the past months, we closely worked with a dedicated law firm to ensure we effectively transition and adapt our processes to the new regulation. The following procedures have been our key internal focuses to ensure we are GDPR compliant:
Data Consent and Policy Communication
GDPR stipulates that requests for consent to use personal data must be given in a clear intelligible form.
We have fully updated our legal documentation to communicate and explain in an understandable way how we are GDPR compliant. For example, our Privacy Policy explains what data we collect, why we collect it, what to do if you want it erased and so on. We have implemented a checking system, where each customer to our site has to agree to the use of their personal data in our Privacy Policy when they first visit CodinGame for Work. When this box is checked, we store the date of consent as proof of consent to our Privacy Policy. We have also updated our Cookies Policy in light of GDPR.
Check out our updated Privacy Policy here and Cookies Policy here.
Data Infrastructure
We’ve given a lot of love to our database in the lead up to the 25th May so that we are completely compliant with GDPR.
One of the changes that GDPR brings is that a user now has the right to access their data. This means that upon request, CodinGame must be able to provide details of how, what and where we are processing their personal data. By giving our data infrastructure a lick of paint (oh, if only it were that easy!) we have all data described and stored in a way that makes accessing, communicating and so on in compliance with GDPR run smoothly for us as a business and for our customers.
Data Protection Officer
As stipulated by GDPR, CodinGame now has nominated a dedicated Data Protection Officer (“DPO”). Our customer’s confidence in CodinGame is extremely important to us and by hiring a DPO, they can be assured that we are being consistently compliant.
Dedicated contact address
If you have any questions on our updated procedures or would like to get in touch about GDPR, please do not hesitate to contact [email protected].
