The General Data Protection Regulation (GDPR), which applied in the UK from 25th May 2018, had a massive impact on recruiters.
What is the General Data Protection Regulation?
The GDPR is a new set of rules that replaced the Data Protection Directive and improved the privacy of consumers by changing the way UK and EU firms collect, use and transfer personal data. This brought in some drastic changes for all businesses that handle personal data, with hefty fines handed out for those that fail to revise their practices and meet the new standards.
What did GDPR Mean for Recruiters?
Recruitment agencies are data businesses, so clearly these changes were likely to hit the sector quite hard. There were four ways recruiters were affected:
- Processing and consent – The GDPR changes the current bases which are used to justify the collection and processing of personal data. Previously, recruitment businesses relied on an individual’s consent to process their data. Under the new rules, the requirements for consent are much stricter. Separate consent is needed to be sought for the processing of data, this meant some businesses had to revisit their data collection and handling processes in order to comply. Recruiters have also needed to give candidates additional clarity about how their data is used.
- Data sharing – Under the new rules, recruiters that share data with third parties, such as umbrella or payroll companies, must have a GDPR-compliant data sharing agreement in place. Existing relationships with parties recruiters shared data with needed to be reviewed to make sure they met the new requirements.
- The rights of individuals – The GDPR built on the existing rights of individuals as well as containing a number of completely new provisions. Most importantly, individuals now have more rights to access any information held about them and ask for any errors to be corrected without undue delay. Individuals are now able to ask that personal data is erased where it is no longer required, and that users can move their data from one recruiter to another in a machine-readable way.
- Security – The final way the GDPR affected recruiters was the new security measures many had to implement. These measures included:
- Steps to ensure the ongoing integrity, confidentiality and resilience of data processing systems;
- The ability to restore data in a timely manner in the event of an incident;
- Introducing processes to test the effectiveness of the security measures in place;
- Creating clear policies that set out how client and candidate data can be used on social media.
Clearly, recruiters needed the shift in the way they engaged with candidates and handled secure client and candidate data.
DB Charles continued to provide regular updates as we got closer to the GDPR introduction date, plus will do so for any further legislation changes in the future. Always stay tuned for further news and advice via our Insights page.