The Impact of GDPR on Candidates and Recruitment
The General Data Protection Regulation (GDPR) comes into force from 25th May 2018; it impacts any business that processes EU nationals' data anywhere in the world (the UK will be included whatever the outcome of Brexit).
It does not just apply to recruitment agencies and search firms, but as a job seeker you should be aware of the ramifications because of the sensitive nature of the data these businesses hold.
What will GDPR do?
The principle behind GDPR is ‘to protect people, not data’. It has been designed to ensure the safe management of individuals' data, providing protection and holding businesses more accountable for data management.
The Impact on you
The biggest impact on the individual is that you can request for all of your information to be deleted without undue delay (within 30 days). This means that if your details are held online by job boards or locally by headhunters you can effectively delete your digital footprint.
Your data should be held more securely, and you have the right to report any non-compliance to the Information Commissioner's Office, which will investigate on a case-by-case basis.
Securing your Data
GDPR has not been designed solely for you to manage your information; the purpose is to ensure that businesses take every appropriate measure to keep your data secure. You may recall the data leak from Michael Page in November 2016 that saw over 750,000 candidate details published online.
To summarise the implications for businesses:
- You must give companies your consent to use your data and for what purposes; this may mean having to re-register every candidate;
- Recruiters will be more tightly regulated on who they share your data with and for what purpose;
- Companies collecting data on behalf of others will require GDPR compliance – this will impact RPOs and agency firms more than executive search;
- All systems must be encrypted and secure with staff being trained in how to manage personal data;
- Any breaches must be reported to the Information Commissioner's Office (ICO) within 72 hours.
Any business failing to adhere to GDPR is liable for a 20m Euro fine or 4% of global turnover (whichever is higher); this would be fairly catastrophic for any recruitment firm.
What Should you do?
Firms have until 25th May 2018 to be compliant but should already be in the process of preparing themselves. As such, in your daily dealings you have the right to ask any recruiters you deal with:
- Are you registered with the ICO?
- Are you GDPR prepared/compliant?
- What is your protocol in the event of a data leak?
- What data do you hold about me and what is it used for?
Despite the impact of GDPR, the truth is that the actual implications are slightly unknown and will become clearer as test cases are brought to court. In the meantime you should be aware of your rights and, if you have concerns, contact any firm you feel may have your information.
One implication that has not drawn an answer yet is the liability of job boards and recruiters who harvest CVs from job boards; this will fall under the question of consent and will no doubt be answered in due course.