The General Data Protection Regulation (GDPR) comes into force on May 25 this year, designed to improve data and information security across Europe. The personal data of all EU individuals must be gathered, stored and disposed of in accordance with the new regulations and, despite Brexit on the horizon, the UK is no exception. Non-compliance with the GDPR could have a sizeable reputational as well as financial impact, with fines potentially taking the form of a percentage of the annual turnover.
- Audit your database and map your data to understand its flow
Once your database is clean and up to date, you should document how personal data enters and leaves your business. During the recruitment process, it could come in directly from candidates, via social media, through a referral programme, or from your website. At this stage, you should also identify which of the legal bases under GDPR justifies your collecting and storing this data.
- Draft a new, compliant data handling policy
GDPR includes new requirements that will impact recruiters. A single consent agreement can no longer cover all the uses of a candidate’s data: separate consent, with a clear option to agree or disagree, must be obtained for each individual activity. Don’t rely on your CRM system to do this automatically either, unless you have explicitly set it up to do so!
- Train staff on what is required of them
Employees, particularly those involved in the recruitment process, should be trained in and conversant with GDPR. It is the company’s responsibility to ensure that they know what is required of them and understand the implications of not adhering to the legislation. Larger firms should consider hiring a Data Protection Officer to both achieve and help maintain compliance.
- Ensure all business partners are compliant
If you share data with any outside partners, such as a recruitment consultancy or an outsourced payroll or IT provider, then you will need a new data sharing agreement in place that complies with GDPR. For recruiters, this might include data that comes in via job boards, for example.
- Communicate your compliance
Finally, it’s worth noting that, in today’s world of cyber threats, GDPR compliance also strengthens an organisation’s legal position should it suffer a data breach. It will not deter attackers in any way, but being able to demonstrate compliance will leave your company in a better legal position should you lose any data. You’ve got three months, so if you have any questions, let us know!