GDPR: What it Means For You as a Recruiter in The New Year
May 2018 will see big changes sweeping through businesses all over Europe. By now you will have seen the letters GDPR pop up in blogs and news sites and we want to distil all of the information, cut out the noise and help yo u get to grips with a new strategy for 2018. Even though rules will only be enforced in May companies are doing their utmost to prepare themselves now. Read on to find out how GDPR will affect you as a recruiter and the recruiting industry as a whole in the new year and how you can protect you, your candidates and your employer in the most effective way possible.
What is GDPR?
The General Data Protection Regulation is an EU initiative that is designed to bring a standard rule to data privacy laws all over Europe. Different countries can have different ways of dealing with their data collection and storage strategies and GDPR will standardise these across the board.
GDPR will work to protect European citizens in a world that is becoming increasingly data-driven.
How GDPR works for citizens
Organisations must make their customers aware of any breaches of security that may affect their data. Organisations must notify people within 72 hours of a suspected security breach.
A customer (referred to as data subject) may request their personal data in an ‘easy to read format’. They may also use this data for their own use ie. give this data to another organisation.
Right to access
Data subjects can request confirmation from an organization (data controller)
to confirm as to whether or not personal data concerning them is being processed, where and for what purpose. The controller must provide a copy of the personal data, free of charge, in an electronic format.
Right to be forgotten
This term is often referred to as Data Erasure. Data subjects can request their personal data be erased and no longer be processed.
Privacy by design
Organizations must place data protection at the centre of designing new systems and processes. It must no longer be seen as an afterthought or an add-on. ‘The controller shall..implement appropriate technical and organisational measures..in an effective way.. in order to meet the requirements of this Regulation and protect the rights of data subjects’.
Data Protection Officers
Organizations must now appoint a DPO. The qualifications for a DPO have been taken from eugdpr.org and listed below:
- Must be appointed on the basis of professional qualities and, in particular, expert knowledge on data protection law and practices
- May be a staff member or an external service provider
- Contact details must be provided to the relevant DPA
- Must be provided with appropriate resources to carry out their tasks and maintain their expert knowledge
- Must report directly to the highest level of management
- Must not carry out any other tasks that could result in a conflict of interest.
All of these changes mark a new age in civil rights and will help make the subject of data collection, processing and protection more transparent across all industries. Recruiters handle huge amounts of personal data on a daily basis; names, e-mail addresses, dates of birth, home addresses etc. It’s important to be in a position where you can protect yourself and your candidates
Failure to comply with these new rules can result in a fine 4% of annual global turnover for breaching GDPR or €20 Million- whichever sum is greater. There is a tiered approach to fines e.g. a company can be fined 2% for not having their records in order, not notifying the supervising authority and data subject about a breach or not conducting an impact assessment. It is important to note that these rules apply to both controllers and processors — meaning ‘clouds’ will not be exempt from GDPR enforcement.
GDPR and the recruitment industry
So what can you do as a recruiter or the owner of a recruiting agency to make sure you fully understand the implications of GDPR on your work?
1. Attend professional workshops
REC UK will be hosting a series of workshops from January-March to help you really get to grips with how your processes may have to change. The workshops cost £99 for REC members and from £249 for non-members. The courses are very extensive and you can find out about them in more detail as well as starting dates on the REC website.
2. Teach yourself about GDPR
The recruitment industry has banded together and started to create countless documents to help you learn all you can about these new regulations so you can hit the ground running in May 2018. Beamery have launched GDPR: The Complete guide for recruiting teams, a great dive into not only the technicalities of GDPR but also how it will really look in practice. A really great guide in easy to understand language to inform you about your new sourcing habits and also how to manage all the candidate data you’ve collected in the past.
3. Put the wheels in motion
Although these new regulations will only come into effect from May 2018 it’s important to start doing what you can now to make it as a smooth a process as possible. Organise your marketing team, start reaching out to your database now to provide them with opt-out clauses across all communications eg. newsletters, e-mail subscription lists etc.
4. Take stock of your current processes and plan next steps
Use this time to identify what changes you will need to implement come May 2018. Analyse the way your company collects and processes candidate data and make a plan for any changes you may need to make. It’s important to note that although GDPR is an EU initiation it can affect companies all over the world, Any company that holds the personal data of an EU citizen is subject to these rules also.
As we creep closer to May we’ll be publishing more and more about how the recruitment industry can prepare for the impending changes. For now, start using these handy steps to get clued up and start planning for next year.
Start your Christmas break off on a high with a gift from SocialTalent! Enter our last competition of the year by telling us your Recruiting Resolution for next year. We can’t wait to hear about it!