Replacing the previous 1995 data protection directive, the EU General Data Protection Regulation (or GDPR) is coming. Broadly speaking, if you hold personal data or sensitive personal data (i.e. if you are a recruiter / employer), these changes will affect you.
What is GDPR?
After 4 years of discussions and negotiations, the EU agreed to a set of new data privacy laws on the 27th April 2016. Enforceable from 25th May 2018, the new laws are designed to be more robust and relevant for the digital age.
Aiming to harmonise and standardise data privacy laws across the whole of Europe, these changes are set to give greater protection and rights to individuals.
Ensuring GDPR Compliance
>> Transparency is a key principle of GDPR, so privacy policies should be accessible to candidates at all stages of the application process. Policies should be clear and concise, and should highlight how you intend to use collected data and for how long.
>> If automation processes are used as part of your recruitment strategy, then individuals have the right to know this and to be given the option “not to be subject to a decision” if it is likely to have a significant effect.
>> Be clear on how you intend to manage your data going forward. Look at what features your recruitment systems have to handle GDPR compliance: will they auto-delete data after a set period of time? Is automated marketing used to re-engage candidates?
>> As well as putting new obligations on the businesses who are collecting data, GDPR gives individuals a higher level of access to the data held about them. If requested, you need to provide all data you have on that individual free of charge and within 1 month.
Receiving candidates from businesses that aren’t processing the information legally could affect you. Choose reputable recruitment suppliers who are GDPR compliant.
>> The full regulation on GDPR. It has nearly 100 pages – you’ve been warned.
>> The ICO’s guide to GDPR is a comprehensive breakdown of what you need to do to comply with the changes.
>> The official EU website for GDPR.