It’s not very long before GDPR becomes a reality. The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) which will replace the current Data Protection Act (DPA) will come into force on 25th May 2018. While it intends to strengthen and unify data protection for all individuals within the European Union (EU), it will not be affected by Brexit.
These changes will significantly affect how recruiters work and will change the way recruitment agencies collect, process and store personal data.
GDPR will give individuals the right to:
- be provided with information on the identity of the controller, the reasons for processing their personal data and other relevant information necessary to ensure the fair and transparent processing of personal data.
- give explicit consent for the processing of their personal data
- have their incorrect data rectified, erased or blocked
- be notified of a data breach
- withdraw consent for further processing
- not be subject to a decision based solely on automated processing unless they have given explicit consent
Steps recruiters can take to ensure they comply with the GDPR:
- GDPR awareness and training: train your consultants and staff to handle personal data correctly.
- Database audit: conduct an internal audit of what personal data you hold, where you received it from, and how it is processed and stored.
- Review your existing policies and procedures: review your data processes and develop a procedure to record data processing activities.
- Data security procedures: review your data security procedures to ensure you are taking sufficient steps to keep personal data secure.
- Work with your suppliers and partners: see what they can do to help you become compliant and discuss the implications of the GDPR with companies in your supply chain.
- Make someone responsible for data protection: consider appointing a data protection officer.
Stay tuned for more on GDPR.
The QX team has been working hard to ensure that our clients and our business are prepared for GDPR before May 2018, and we have our own in-house Data Protection Officer to ensure we are GDPR ready ourselves. All our offices (UK and India) are ISO 27001:2013 and Cyber Essentials Plus certified (which covers almost 75% of GDPR requirements), so we are well on the way.
Legal disclaimer: Please note that the above is for general information purposes only and does not function as legal advice.