ETHICS & GDPR
PERSONAL DATA SHOULD BE HANDLED WITH CONSIDERATION
We believe that every individual invited to take an assessment should be treated in a fair and ethical manner.
We help you comply with GDPR in terms of handling personal data, and set up the system to anonymise data.
ETHICS & QUALITY
We believe that assessments reveal opportunities and potential and that individuals grow and flourish in the workplace when they have a job which fits them. A key part of using assessment tools is that they can objectively show an individual’s potential and in this way contribute to the development of that person in the right direction. An assessment should never be used on its own as the only deciding parameter, but can provide invaluable and objective insight into a person’s strengths and therefore potential given that the assessment is reliable and valid.
We contribute considerable resources to document that the assessment tools and methods we provide are reliable and valid. Read more in the science section.
We emphasise that analyses and feedback on assessments should be conducted by a trained PI Professional. During certification courses we ensure that participants are thoroughly taught how to apply the assessments and what the limitations of the tools are, and that they are informed about the current regulations. We also provide refresher seminars for PI Professionals who need a brush-up.
Humanostics is an active member (and since 2010 a member of the board) of the Danish organisation Videnscenter for Professionel Personvurdering and we follow the ethical guidelines established by this entity and ultimately the ISO 10667 Standard.
GDPR - GENERAL DATA PROTECTION REGULATION
WHAT IS GDPR?
The European Parliament adopted the General Data Protection Regulation (GDPR) in April 2016, replacing an outdated data protection directive from 1995. It carries provisions that require businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. The GDPR also regulates the exportation of personal data outside the EU.
WHO IS AFFECTED?
The GDPR significantly widens the scope of EU data protection law. Any organisation that processes personal data of EU individuals is within the scope of the law, regardless of whether the organisation has a physical presence in the EU. Importantly, under the GDPR, the concept of “personal data” is very broad and covers any information related to an identified or identifiable individual (also called a “data subject”), such as names, email addresses and other personally identifying information. This definition also extends to technical information, such as IP addresses or device identifiers. “Processing” under the GDPR means collection, storage, transfer, or use.
WHAT IS THE UPSIDE?
The GDPR makes compliance with EU data protection law more predictable because it provides for harmonisation of data protection requirements across the EU – as opposed to the current regulations, which have resulted in a sort of patchwork of laws across all EU member states. The GDPR also makes compliance easier because the law was updated with the current state of technology in mind. The previous regulation is over 20 years old. Things have changed quite a bit since then, leaving various gaps when overlaying the law over current technology and complex international data flows and business processes. The GDPR aims to close many of those gaps.
GDPR REQUIREMENTS
GDPR compliance also includes handling data in accordance with your company privacy policy. We offer a software platform to administer the assessments which is designed to help you easily set up a process to automatically anonymise data in accordance with your privacy policy.
DOCUMENTS & SIGNING PARTIES
As an existing client of Humanostics, you need a range of documents for your company to be GDPR compliant. Your contract has to be in the latest format and you have to sign a DPA (Data Processing Agreement). In addition to signing the DPA, you will also require a subprocessor addendum, so please reach out to us to be provided with the correct addendum. If you have any questions about the DPA or The Predictive Index’s efforts in relation to the GDPR, you can visit The Predictive Index’s website.
FOR EXISTING CLIENTS: GDPR GUIDES TO PI SOFTWARE
Recorded Webinar on GDPR Compliance
Watch this recorded webinar to get best practices on how to ensure GDPR compliance when working with The Predictive Index, including high-level information about GDPR compliance in a PI context, a recommended process for handling PI data, sorting and categorising data in PI Software, restricting access to data in PI Software, automatically anonymising data in PI Software, instructing other software users, and informing candidates about your process.