The new General Data Protection Regulation (GDPR), which will apply in the UK from 25th May 2018, is likely to have a massive impact on recruiters when it comes in. The government has already confirmed that the UK’s decision to leave the EU will not impact the commencement of the GDPR, so this is something recruiters are going to have to prepare for.
What is the General Data Protection Regulation?
The GDPR is a new set of rules that will replace the Data Protection Directive and improve the privacy of consumers by changing the way UK and EU firms collect, use and transfer personal data. This will bring with it some drastic changes for all business that handle personal data, with hefty fines handed out for those that fail to revise their current practices and meet the new standards.
What Does GDPR Mean for Recruiters?
Recruitment agencies are data businesses, so clearly these changes are likely to hit the sector quite hard. These are the four ways we think recruiters will be affected:
- Processing and consent – The GDPR changes the current bases which are used to justify the collection and processing of personal data. Currently, recruitment businesses rely on an individual’s consent to process their data. Under the new rules, the requirements for consent will be made stricter. Separate consent will need to be sought for the processing of data, with some businesses having to revisit their data collection and handling processes in order to comply. Recruiters may also need to give candidates additional clarity about how their data will be used.
- Data sharing – Under the new rules, recruiters that share data with third parties, such as umbrella or payroll companies, will need to have a GDPR-compliant data sharing agreement in place. Existing relationships with parties recruiters share data with will also need to be reviewed to make sure they meet the new requirements.
- The rights of individuals – The GDPR builds on the existing rights of individuals as well as containing a number of completely new provisions. Most importantly, individuals will have more rights to access any information held about them and ask for any errors to be corrected without undue delay. Individuals will now be able to ask that personal data is erased where it is no longer required, and that users can move their data from one recruiter to another in a machine-readable way.
- Security – The final way the GDPR will affect recruiters is the new security measures many will have to implement. These measures may include:
- Steps to ensure the ongoing integrity, confidentiality and resilience of data processing systems;
- The ability to restore data in a timely manner in the event of an incident;
- Introducing a process to test the effectiveness of the security measures in place;
- Creating clear policies that set out how client and candidate data can be used on social media.
Clearly, recruiters need to be prepared for a shift in the way they engage with candidates and handle client and candidate data. However, while some reshuffling will need to be done, it’s a change that the best recruiters will quickly adapt to.
DB Charles will be providing regular updates as we get closer to the GDPR introduction date, so stay tuned for further news and advice.