Recruiters: Don’t Be Caught out by GDPR – Protect Yourself with Our 5-Point Checklist

09 May

On 25th May 2018, businesses in all sectors will have to abide by the General Data Protection Regulation. Fail to do so, and you could face a fine of up to 2% of your global annual turnover or €20 million, whichever is higher.

Non-compliance is simply not worth the risk.

GDPR: What Is It?
GDPR is a new regulatory framework that gives individuals more control over how organisations collect and process their personal data. It provides a uniform template for EU businesses to follow, requiring the full consent of individuals for the data they share.

The Effect on Your Data
Recruiters review and collate a raft of data to profile candidates. From May 2018, candidates will have the right to object to any personal data being processed by recruiters, as well as the right to be forgotten—meaning recruiters will have to delete the personal history of candidates who exercise this right.

Auditing Your Data
A full data audit is the critical first step in GDPR compliance, and most organisations have appointed a Data Protection Officer to lead it. This is the single point of contact for identifying ‘at-risk’ areas in your business while creating a company-wide plan of action to become GDPR-compliant.

Not only must you review the data you currently store, but you must also audit how you collect the information. Explicit consent is the underlying driver of GDPR, so you must have an actual ‘yes’ from the candidate for any data you hold, as well as any data you plan to collect or process in the future.

Data Sharing
GDPR requires not only best-practice data collection but also accurate records of how you store data, as well as who you share it with. If you share candidate or reference information with a client, for example, you will need signed consent from the individual before sending personal details to the prospective employer.

Moreover, if you’ve previously shared inaccurate information with a client or third party, you also have the responsibility to alert them to that fact.

The GDPR 5-Point Plan

1. Review your current data collection methods, the data you have on file, as well as your data-sharing practices. Identify where you must have explicit consent to hold or share data.
2. Centralise your data management policies so both your recruiters and GDPR auditors can clearly understand how your business adheres to GDPR requirements; transparency is key to compliance.
3. Update your data terms of use, so candidates have full transparency over why you collect certain information and how you will use it.
4. Establish a forward-looking data management plan to ensure ongoing compliance. Your Data Protection Officer should take responsibility for all future checks and balances.
5. Coordinate security checks and have policies in place should a data breach occur. Under GDPR, if data is compromised, you have a responsibility to alert the ICO. Plan ahead, so that you can uncover and rectify any breach in the shortest possible timeframe.

GDPR is about proving you have taken all the necessary steps to protect the public’s privacy. Map out your processes, keep detailed records of data collection methods, and be sure you can prove your due diligence should an auditor come knocking.
