The Impact of GDPR on Candidates and Recruitment
The General Data Protection Regulation (GDPR) comes into force on 25th May 2018; it impacts any business across the world that processes EU nationals' data (the UK will be included whatever the outcome of Brexit).
It does not just apply to recruitment agencies and search firms, but as a job seeker you should be aware of the ramifications because of the sensitive nature of the data these businesses hold.
What will GDPR do?
The principle behind GDPR is ‘to protect people, not data’; it has been designed to ensure the safe management of individuals' data, providing protection and holding businesses more accountable for data management.
The Impact on you
The biggest impact on the individual is that you can request that all of your information be deleted without undue delay (within 30 days). This means that if your details are held online by job boards or locally by headhunters, you can effectively delete your digital footprint.
Your data should be held more securely, and you have the right to report any non-compliance to the Information Commissioner's Office, who will investigate on a case-by-case basis.
Securing your Data
GDPR has not been designed solely for you to manage your information; the purpose is to ensure that businesses take every appropriate measure to keep your data secure. You may recall the data leak from Michael Page in November 2016 that saw over 750,000 candidate details published online.
To summarise the implications for businesses:
- You must give companies your consent to use your data and for what purposes; this may mean having to re-register every candidate;
- Recruiters will be more tightly regulated on who they share your data with and for what purpose;
- Companies collecting data on behalf of others will require GDPR compliance – this will impact RPOs and agency firms more than executive search;
- All systems must be encrypted and secure, with staff being trained in how to manage personal data;
- Any breaches must be reported to the Information Commissioner's Office (ICO) within 72 hours.
Any business failing to adhere to GDPR is liable for a 20m Euro fine or 4% of global turnover (whichever is higher); this would be fairly catastrophic for any recruitment firm.
What Should you do?
Firms have until 25th May 2018 to be compliant but should already be in the process of preparing themselves. As such, in your daily dealings you have the right to ask any recruiters you deal with:
- Are you registered with the ICO?
- Are you GDPR prepared/compliant?
- What is your protocol in the event of a data leak?
- What data do you hold about me and what is it used for?
Despite the impact of GDPR, the truth is that the actual implications are slightly unknown and will become clearer as test cases are brought to court. In the meantime, you should be aware of your rights and, if you have concerns, contact any firm you feel may have your information.
One implication that has not drawn an answer yet is the liability of job boards and recruiters who harvest CVs from job boards; this will fall under the question of consent and will no doubt be answered in due course.