Data Protection Impact Assessment (DPIA)
We adopt a privacy-by-design approach (GDPR Art. 25) and run DPIA screening on major features, data flows, and vendor integrations.
Screening Scope
- Personal data processed for candidate, employer, and advertiser accounts.
- Uploads (CVs, photos, videos) — validated, re-encoded, EXIF stripped; stored outside webroot.
- Security layers — secure session, CSRF on all forms, rate-limits, OTP, audit logs.
- Data subject tools — export/erase pathways; automatic expiry for inactive users/files.
Key Risks & Mitigations
- Unauthorised access → Role-based access control, deny by default, Argon2id passwords, session rotation, HSTS/CSP.
- Cross-site attacks → Site-wide CSRF tokens, strict Referrer-Policy, SameSite cookies, nonces on inline code.
- Over-collection → Data minimisation defaults; only necessary attributes are required to use the platform.
- Retention → Automatic data expiry policies; logs with rotation; dedicated erasure/export tools.
Contacts & Requests
For data access/erasure requests or privacy questions, contact our support team via the in-app Privacy tools or the email address listed on the Privacy Policy page.
DPIA Quick Screening
Use this tool to assess whether a full Data Protection Impact Assessment is required for your project or feature.
DPIA Resources
Access our comprehensive DPIA toolkit and reference materials.
Templates & Guides
Legal References
- GDPR Article 35 - Data protection impact assessment
- ICO DPIA Guidance
- EDPB Guidelines
- Data Protection Act 2018