The recruitment industry is a weathervane for the economic and political landscape. The world around us changes and recruitment changes with it.
That is why, in a time of political upheaval, with a change in Prime Minister as well as the recent Brexit, it’s no surprise that the recruitment industry is being put through its paces right now.
Despite the UK leaving the EU and the ongoing negotiations, the EU has issued new regulations that the UK must comply with, regardless of Brexit. As of the 25th May 2018, the GDPR will be coming into force, and naturally this will impact recruitment agencies across the UK.
What’s up with GDPR?
General Data Protection Regulation (GDPR) centres on personal data and keeping this information safe.
Naturally in recruitment we handle so much personal data and information on a daily basis and have a duty of care towards our candidates and clients. The new regulation is designed to give individuals greater rights and protection.
Why should recruiters care?
Whilst many are sceptical about how strictly GDPR will be enforced, there are potential fines of up to €20 million for data breaches, or alternatively, 4% of your global turnover (whichever is higher). The EU are cracking down with strict legal liabilities for any data breaches, and no business can afford fines like that, or the legal implications.
What is personal data?
Personal data is classified as information held about a living individual. Anything that has previously been defined in the UK Data Protection Act (DPA) can be considered personal data. The GDPR includes an even broader definition of personal data. For example, an IP address is a personal identifier and is considered personal data. And remember, this includes all information, whether online or in a physical filing cabinet. You can safely assume if you hold information that falls within the DPA, it also falls within the GDPR.
What does this mean?
Individuals have a right to:
- Transparency: to be kept informed about the use of their data
- Access: to their data whenever they want it
- Amend: their data when necessary
- Delete: their data when there is no ‘compelling’ reason to process it
- Block: the processing of their data
- Reuse: their data across various different services
- Object: to processing their data based on marketing or ‘legitimate interests.’
In short, individuals have complete ownership and control over their personal data, and as recruitment businesses, we have a responsibility to always honour data requests.
Previously, data may have been a side issue, but now it’s front and centre and needs to be a part of your company strategy. Making data protection a central issue across your business will ensure that you’re always compliant as a recruitment agency.
So how can recruitment agencies comply with confidence? Our recommendations:
1. Firstly, understand what personal data you hold, where it is and what you need to do with it. Over the coming months we’ll be providing you with more direction to support you every step of the way during your compliance and data journey. A good place to start is APSCO’s data questionnaire. This will allow you to understand what and where your data is. Understanding this will give you the right springboard and foundations to launch the rest of your data strategy.
2. You can’t assume anything anymore. Previously recruiters have been able to rely on implied consent to process data, but this is no longer possible under the new GDPR. It will be your responsibility to obtain express consent and other legitimate reasons for holding and processing data. The power has shifted and individuals have far greater rights now.
3. You’ll need to implement a strategy for managing all that data once you have it. Many recruitment agencies haven’t previously thought about this and don’t have any policies regarding retaining or deleting data. As mentioned previously, the individual has far greater rights and we can no longer sit on masses of data without consequences.
4. Marketing is about to change. Because of the new GDPR regulations, how you market to, and keep in touch with your candidates, will change. Weaving marketing into your daily communications will probably become best practice.
5. Now is the time to consider hiring a specialist. Understanding all these new data regulations is a full-time job, so make sure you allocate it to someone to ensure it doesn’t fall by the wayside. Appointing a data protection officer, or seeking external advice to guide you, will be a wise move. All firms will need a key individual who is responsible for data and compliance, as opposed to it being thrown on the person with the smallest workload.
6. Security matters. Given the potential fines your agency could face if any personal data is leaked, it’s important that all your IT and software is up to date and can manage the new data regulations. To find out how your recruitment software should be helping you stay compliant, speak to your software provider, or get in touch with Access Recruitment.
At Access, we’re focused on continuing to help recruitment businesses improve their margins, whether through greater cost control, improved productivity or compliance. If you have any questions about how your software can help you stay compliant, get in touch with one of our specialists today.