After 20 years, the UK will witness a major overhaul of its data protection laws. The new Data Protection Bill published by the Government, which will come into force on 25 May 2018, will transfer the European Union’s General Data Protection Regulation into UK law. The law will give the public greater control over personal data, including the right to be forgotten, and will give them the right to require social media platforms to delete information on children and adults when asked.
In a statement, Matt Hancock, Digital Minister, said, "The new Data Protection Bill will give us one of the most robust, yet dynamic, set of data laws in the world."
"It will give people more control over their data, require more consent for its use, and prepare Britain for Brexit," he added.
Essentially, the Data Protection Bill will:
- Make it simpler to withdraw consent for the use of personal data
- Allow people to ask for their personal data held by companies to be erased
- Enable parents and guardians to give consent for their child’s data to be used
- Require ‘explicit’ consent to be necessary for processing sensitive personal data
- Expand the definition of ‘personal data’ to include IP addresses, internet cookies and DNA
- Update and strengthen data protection law to reflect the changing nature and scope of the digital economy
- Make it easier and free for individuals to require an organisation to disclose the personal data it holds on them
- Make it easier for customers to move data between service providers
Is your recruitment agency prepared?
With less than 200 working days until the EU General Data Protection Regulation (EU GDPR) and the new UK Data Protection Act become law on the 25th May 2018, is your agency prepared?
Peter Wright, founder and managing director of law firm DigitalLawUK, warned it may already be too late for agencies that have failed to prepare for the new rules, which could leave them with fines of £17m for a major breach.
These preparations, Wright told Recruiter, should include:
- purchasing a secure and compliant premium product for the sharing of candidate data
- ensuring the data is only used for the purpose for which it was acquired, so not using candidates’ data to spam them
- ensuring proper consent to use candidates’ data is received by using multiple tick boxes, as well as returning to candidates for consent if you start using their data in a different manner at a later date.
But Wright told Recruiter if agencies are only now starting to think about these new rules, it could already be too late to avert the risk of hefty fines.
“We have less than 200 working days to go until the 25 May 2018, and for a big organisation with multiple offices – or even worse multiple offices in different countries – it may already be too late to get the right things in place in terms of governance, in terms of policies, in terms of training, in terms of insurance and in terms of security in tech solutions.”
While many agencies have started reviewing the GDPR and how it will impact them, many of them have still not begun to act. With May’s deadline fast approaching, the risk of not being compliant is very high. The sooner recruitment companies start preparing, the better they will be able to minimise the risk of attracting hefty fines.
Stay tuned for more on GDPR and recruitment
In the coming weeks, we will delve deeper into the specific ways GDPR can affect recruitment agencies and the steps your business can take to overcome these challenges.
The QX team has been working hard to ensure that our clients and our business are prepared for GDPR before May 2018, and we have our own in-house IBITG certified GDPR practitioner to ensure we are GDPR-ready ourselves. All our offices (UK and India) are ISO 27001:2013 and Cyber Essentials Plus certified (which covers almost 75% of GDPR requirements), so we are well on the way.