The Impact of GDPR on Candidates and Recruitment
The General Data Protection Regulation (GDPR) comes into force from 25th May 2018; it affects any business that processes EU nationals' data, anywhere in the world (the UK will be included whatever the outcome of Brexit).
It does not just apply to recruitment agencies and search firms, but as a job seeker you should be aware of the ramifications because of the sensitive nature of the data these businesses hold.
What will GDPR do?
The principle behind GDPR is ‘to protect people, not data’. It has been designed to ensure the safe management of individuals' data, providing protection and holding businesses more accountable for data management.
The Impact on you
The biggest impact on the individual is that you can request that all of your information be deleted without undue delay (within 30 days). This means that if your details are held online by job boards or locally by headhunters, you can effectively delete your digital footprint.
Your data should be held more securely, and you have the right to report any non-compliance to the Information Commissioner's Office, who will investigate on a case-by-case basis.
Securing your Data
GDPR has not been designed solely for you to manage your information; the purpose is to ensure that businesses take every appropriate measure to keep your data secure. You may recall the data leak from Michael Page in November 2016 that saw over 750,000 candidate details published online.
To summarise the implications for businesses:
- You must give companies your consent to use your data, and for what purposes; this may mean having to re-register every candidate;
- Recruiters will be more tightly regulated on who they share your data with and for what purpose;
- Companies collecting data on behalf of others will require GDPR compliance – this will impact RPOs and agency firms more than executive search;
- All systems must be encrypted and secure with staff being trained in how to manage personal data;
- Any breaches must be reported to the Information Commissioner's Office (ICO) within 72 hours.
Any business failing to adhere to GDPR is liable for a 20m Euro fine or 4% of global turnover (whichever is higher); this would be fairly catastrophic for any recruitment firm.
What Should you do?
Firms have until 25th May 2018 to be compliant but should already be in the process of preparing themselves. As such, in your daily dealings you have the right to ask any recruiters you deal with:
- Are you registered with the ICO?
- Are you GDPR prepared/compliant?
- What is your protocol in the event of a data leak?
- What data do you hold about me and what is it used for?
Despite the impact of GDPR, the truth is that the actual implications are slightly unknown and will become clearer as test cases are brought to court. In the meantime you should be aware of your rights and, if you have concerns, contact any firm you feel may have your information.
One implication that has not drawn an answer yet is the liability of job boards and recruiters who harvest CVs from job boards; this will fall under the question of consent and will no doubt be answered in due course.