As a recruiter, personal data is essentially your stock-in-trade. From the point when candidates submit their CVs, right through the hiring procedure and beyond, the processing of this data is all part of your service. Talent management and good data management go hand-in-hand, and data protection compliance is a vital element of this.
The General Data Protection Regulation (GDPR) replaced the old Data Protection Act. It brought forth a new data law framework; one that all organisations, including recruitment firms, needed to get to grips with. After Brexit, the UK is now covered by the UK GDPR which is essentially the same as the GDPR itself. Here, we’ll explain how GDPR (and UK GDPR) impacts the recruitment industry and outline some of the key areas recruiters should focus on to stay on the right side of the new law.
GDPR: what is it – and what does it mean for recruiters?
The Data Protection Act was drawn up in a pre-LinkedIn and pre-Indeed world when even the concept of ‘the Web’ itself was still a novelty. Simply put; the law needed to catch up. Hence the arrival of the GDPR, which details how to process the personal data of EU citizens lawfully and securely.
The GDPR aims to make it easier for individuals to access services with confidence that their data will be safeguarded and won’t be misused by the organisations who hold it. The law also seeks to give individuals better control over what happens to that data and who has access to it.
From contact details through to salary expectations and even health information, in-house and external recruiters typically find themselves in control of some of the most sensitive information individuals have to offer. The data regulator (i.e. the ICO in the UK), is well aware of this. Recruiters who fail to take compliance seriously could find themselves sleepwalking towards fines, interventions and other penalties. Find out more about GDPR fines and penalties from our experts right here.
In light of the GDPR, individuals have become better aware of their privacy rights and generally more “security savvy”. Meanwhile, employers are more aware than ever of the need to choose external partners who take data safeguarding seriously.
The result? Recruiters with a reputation for playing fast and loose with personal data may find that their supply of candidates and clients alike could soon dry up.