You have probably heard by now about the GDPR (General Data Protection Regulation) changes that are coming into effect on the 25th May 2018. Technology and the way in which we use data has drastically changed since the Data Protection Act of 1998 which has called for a change in the way in which data is collected, stored and managed.
Recruitment Agencies deal with candidate’s personal data every day so the changes will have a direct impact on the recruitment industry and you will need to be prepared for this.
Consent – You will be required to use clear and simple language when asking for consent to collect personal data and also you must be able to prove consent to process data. You will also need to clearly state how the data will be stored and used. Consent cannot be affirmed from silence, pre-ticked boxes or inactivity. Fresh consent must be obtained if you alter the way you are using the data that you have collected.
Right to be Forgotten – The right to be forgotten entitles the data subject to have the data controller erase his/her personal data and any third parties processing of their data. In addition to this, all personal data must be erased when the data is no longer relevant or necessary to be kept.
Breach Notification – Should a data breach occur you will be required to notify the Information Commissioner’s office within 72 hours of your organisation becoming aware of it. You will also be required to inform anyone affected by this within this period of time.
Data Protection Officer –It is advised that agencies appoint a DPO (Data Protection Officer). This will allow you to have a single person that can plan and prepare for GDPR and ensure your agency remains compliant.
GDPR applies to businesses worldwide that process personal data of European (EU) citizens. With Brexit negotiations underway, it is currently unclear what the outcome will be once the UK has left the EU so we advise you to keep a close eye on this but you will be required to be compliant with GDPR at least until we have left the EU.
Businesses that fail to comply with the new legislation could face fines of up to €20 million or 4% of their global annual turnover.
You will need to put in place new processes on how you collect, store and manage your data and ensure staff within your agency are fully aware of the GDPR legislation and the importance of safeguarding personal data.
You will need to review and update your privacy statements as well as review your on-boarding processes.
It is important you review your current data and data collection processes. If you hold data on candidates or clients that is old or no longer relevant then you will need to look at cleansing this unless you can obtain explicit consent.