Is Your Recruitment Data GDPR Compliant?

Replacing the previous 1995 data protection directive, the EU General Data Protection Regulation (or GDPR) is coming. Broadly speaking, if you hold personal data or sensitive personal data (i.e. if you are a recruiter / employer), these changes will affect you.

What is GDPR?

After 4 years of discussions and negotiations, the EU agreed to a set of new data privacy laws on the 27th April 2016. Enforceable from 25th May 2018, the new laws are designed to be more robust and relevant for the digital age.

Aiming to harmonise and standardise data privacy laws across the whole of Europe, these changes are set to give greater protection and rights to individuals.

Ensuring GDPR Compliance

>>   Transparency is a key principle of GDPR, therefore privacy policies should be accessible to candidates at all stages of the application process. Policies should be clear and concise and highlight how you intend to use collected data and for how long.

>>   If automated processes are used as part of your recruitment strategy, then individuals have the right to know this and to be given the option “not to be subject to a decision” if it is likely to have a significant effect.

>>   It is no longer possible to hold onto candidate data indefinitely. You can only keep candidate data for a time period that is deemed necessary. You need to be clear in your privacy policy on what information you intend to keep and how long you intend to store it for.

>>   Be clear on how you intend to manage your data going forward. Look at what features your recruitment systems have to handle GDPR compliance: will they auto-delete data after a set period of time? Is automated marketing used to re-engage candidates?

>>   As well as putting new obligations on the businesses who are collecting data, GDPR gives a higher level of access to individuals who want to see the data held on them. If requested, you need to provide all data you have on that individual free of charge and within 1 month.

Receiving candidates from businesses that aren’t processing the information legally could affect you. Choose reputable recruitment suppliers who are GDPR compliant.

Further Reading

>>   The full regulation on GDPR. It has nearly 100 pages – you’ve been warned.
>>   The ICO’s guide to GDPR is a comprehensive breakdown of what you need to do to comply with the changes.
>>   The official EU website for GDPR.
