
An Introduction to GDPR and How Recruiters Can Prepare

Of late, the General Data Protection Regulation (GDPR) has left many a recruiter scratching their heads. There has been plenty of confusion around some of the changes surrounding data protection, data sharing and the security of information. Furthermore, because of its importance, recruiters need to prepare for these changes well in advance of the regulation coming into effect. If you breach the rules of the GDPR, you could be on the receiving end of a hefty fine. We’re here today to give you an introduction to GDPR and what you can do as a recruiter to prepare.

What is GDPR?

So let’s start with the basics here. The GDPR is an important new EU regulation for the protection of personal data. This regulation will come into immediate effect from 25th May 2018. The GDPR will seek to ensure certain protections are in place for personal data collected by companies processing that data. It provides strict laws that all companies need to adhere to. The importance of this new EU regulation cannot be stressed enough – this is no joke! If your company is found in breach of the GDPR, you will be slapped with a massive fine, one that could have a long-term effect on you or your company.

How much is this fine, I hear many of you ask? Companies that fail to comply with the provisions will be subject to a maximum fine of €20 million, or 4% of annual worldwide turnover.

Who Are Key Players in the GDPR?

Let’s take a quick look at the main players in the GDPR. As an example, we’ll use the analogy of a soccer match and pinpoint who the key players are. The Data Subjects are the equivalent of the audience at the match. Under the GDPR, the Data Subjects are individuals like you and me to whom the personal data relates. The GDPR gives Data Subjects certain rights and remedies in relation to the personal data that’s processed about them by companies. The captains of the team would be the Data Controllers.

The Data Controllers take care of the wins. They manage and control the players on the field. They know who is playing, what the strategy is, where the player should be, and why they need to be doing what they’re doing. Under the GDPR, the Data Controller is someone who collects personal data and manages how it is processed.

The Data Controller has the responsibility to know and document the W’s. What personal data is the company processing? Why is it processing that data? Who is the company sharing the personal data with? Where is the processing taking place? So, just like the captain of the team reporting on and analysing the game post-match, the Data Controller is responsible for keeping a register of the W’s. The individual players on the field would be the Data Processors in this analogy.

Data Processors do what the Data Controllers tell them to do, and they agree with the Data Controllers how they should distribute and organise the personal data. There are also the substitutes, who would be the Data Sub-processors under the GDPR. Data Sub-processors may or may not be needed by Data Processors. They will come on board to help the Data Processor if necessary and they will ultimately follow the instructions of the Data Controller.

Why Does It Matter?

Why does it matter? Why does it matter whether I’m a Data Controller, Data Processor or even Sub-processor? Well, the GDPR places certain obligations on you depending on what role you play. Let’s look at SocialTalent as a Data Processor of its customers’ personal data. The GDPR states that there must be a written contract between the Data Controller and the Data Processor. Personal Data of EU citizens should not be transferred outside the EU without consent; this is of utmost importance!

Personal Data of EU citizens should not be transferred outside the EU without consent, and I will be speaking a little bit more about that later. You are also required under the GDPR to notify the customer if you consider that any instruction you receive from the customer infringes the regulation. This is an extremely onerous task. Furthermore, you are required to ensure that all your staff are familiar with the GDPR to ensure effective compliance, and that is part of why you need to prepare well in advance of May 25th!



All information provided in this article has been provided by Tricia Higgins, the Co-Founder and Legal Director at Fort Privacy.
