The Impact of GDPR on Candidates and Recruitment
The General Data Protection Regulation (GDPR) comes into force on 25th May 2018; it affects any business across the world that processes EU nationals' data (the UK will be included whatever the outcome of Brexit).
It does not just apply to recruitment agencies and search firms, but as a job seeker you should be aware of the ramifications because of the sensitive nature of the data these businesses hold.
What will GDPR do?
The principle behind GDPR is ‘to protect people, not data’. It has been designed to ensure the safe management of individuals' data, providing protection and holding businesses more accountable for data management.
The Impact on you
The biggest impact on the individual is that you can request that all of your information be deleted without undue delay (within 30 days). This means that if your details are held online by job boards or locally by headhunters, you can effectively delete your digital footprint.
Your data should be held more securely and you have the right to report any non-compliance to the Information Commissioner's Office, which will investigate on a case-by-case basis.
Securing your Data
GDPR has not been designed solely for you to manage your information; the purpose is to ensure that businesses take every appropriate measure to keep your data secure. You may recall the data leak from Michael Page in November 2016 that saw over 750,000 candidate details published online.
To summarise the implications for businesses:
- You must give companies your consent to use your data and for what purposes; this may mean having to re-register every candidate;
- Recruiters will be more tightly regulated on who they share your data with and for what purpose;
- Companies collecting data on behalf of others will require GDPR compliance – this will impact RPOs and agency firms more than executive search;
- All systems must be encrypted and secure with staff being trained in how to manage personal data;
- Any breaches must be reported to the Information Commissioner's Office (ICO) within 72 hours.
Any business failing to adhere to GDPR is liable for a fine of 20m Euro or 4% of global turnover (whichever is higher); this would be fairly catastrophic for any recruitment firm.
What Should you do?
Firms have until 25th May 2018 to be compliant but should already be in the process of preparing themselves. As such, in your daily dealings you have the right to ask any recruiters you deal with:
- Are you registered with the ICO?
- Are you GDPR prepared/compliant?
- What is your protocol in the event of a data leak?
- What data do you hold about me and what is it used for?
Despite the impact of GDPR, the truth is that the actual implications are slightly unknown and will become clearer as test cases are brought to court. In the meantime, you should be aware of your rights and, if you have concerns, contact any firm you feel may have your information.
One implication that has not drawn an answer yet is the liability of job boards and recruiters who harvest CVs from job boards; this will fall under the question of consent and will no doubt be answered in due course.