A Recruitment Agency Thailand company’s work involves the processing of significant general and sensitive personal data and sensitive personal data, each of which requires slightly different practice and care. Following the PDPA laws, recruitment companies Thailand have to follow the following rules and methods: –
- A Recruitment company should create its own online recruitment channels or set up its own e-Recruitment as an additional recruitment channel apart from its own external recruitment website;
- A Recruitment company should inform its applicants that they are not required to submit sensitive personal data, such as religious information (“genetic information”) or personal information such as illnesses and diseases encountered or medical conditions. But of course the resume should include general personal information (“general data”) for consideration first, if shortlisted, then the applicant will write a job application form and give consent to collect, use or disclose personal information to the client;
- Job applicants should be notified to submit supporting documents such as a copy of ID card, copy of house registration, etc., which usually contains information about religion (sensitive personal data). However, job applicants can erase or use a black chemical pen to block/cover/hide sensitive personal information before submitting the documentation to the company;
- A Recruitment company should include a consent section for collecting, using or disclosing personal data for applicants to whom the personal data is provided which applicants can tick to agree their permission(s);
- Staff who are involved in recruiting and selection work, for example, receptionist staff should be assigned to welcome applicants. In this case, the company must formally designate the receptionist/administrative officer as an Authorized Person directly responsible for dealing with the personal information of job applicants;
- A place to store the job application and any supporting documents of applicants should be specifically chosen and instructed by the Thailand headhunter in order to prevent personal data leaks in the future;
- Measures should be set up to maintain the security of personal data of applicants in full as required by the PDPA Law. These should include the preparation of policies, documents with clearly defined operating procedures ensuring that your organization will keep candidate’s personal data safe and secure; and,
- Systems should be set up to delete or destroy personal information of job applicants or alternatively encryption procedures put in place to make the information non-identifiable to the applicant in the event that the retention period has expired.
Should you require any further information or assistance regarding the contents of this publication or require information about the RSM Executive Search services in Thailand and outplacement services, please do not hesitate to contact us: +66 (02) 670 9002-6 or email: askus@rsmthailand.com