The General Data Protection Regulation, more commonly known as GDPR, gives consumers more control over who has their data and how it can be used. The regulation has been put in place by the European Commission, the European Parliament and the Council of the European Union to help individuals strengthen the protection of their own personal data. This means all companies within the EU will be affected.
What is GDPR?
Essentially, GDPR is about data protection and an individual’s rights over the personal data that’s collected from them. Consumers have more control over who obtains their personal information and how it’s used by the company. With more transparency regarding their data, individuals can order companies to remove their personal data from the system, as well as exercise other data-related rights. The rights that recruitment agencies should be particularly interested in are the following:
- The Right To Access Data: At any point, individuals have the right to see what information is held by a recruitment agency, including anything at all that’s related to them and is in process at the time of the request. Businesses must comply with this request and have 30 days to provide the information to the individual.
- Right to Transparency: When an individual’s data is being processed, they have a right to know everything about the information being held about them. They can request to be continuously informed about it, and they can ask what is held about them, why it’s being held and how the business expects to use their data.
The Recruitment Agency’s Responsibility
As GDPR is now in place (as of 25th May 2018), recruitment agencies must meet the following requirements in order to comply with the regulation, if they haven’t done so already:
- Relevant measures need to be taken to make sure that the data is protected, with dependable security measures in place so that breaches don’t occur
- There should be a process in place for handling data legally and correctly, and it should be widely known throughout the business
- If a breach of personal data were to occur, it needs to be reported within 72 hours of it happening
- Data should be kept up to date and should not be kept longer than needed
- Provide training to the relevant parties about GDPR processes so that the correct procedure is followed. Businesses such as Caunce O’Hara have already put such training schemes into place
What Do Recruitment Agencies Need To Do?
In order to satisfy those who have put the regulation in place, you should go through the following step-by-step guide so that action isn’t taken against your business.
- Document your current processes, considering how you collect and store candidates’ information. This way you’re able to identify where in the process permission is required to store data. The new regulations also mean that recruitment agencies cannot freely share candidates’ information and are unable to ‘spec’ candidates’ CVs without first getting permission from the candidate.
- Recruitment agencies need to be able to provide a paper trail from the moment they onboard a candidate through to how they’ve processed their data. It’s therefore important to have a central system which handles all candidate information. You need to be able to confirm how data is being collected, how you choose to monitor it and how it’s stored
- Data needs to remain up to date and be updated on a regular basis. This needs to be done both internally and externally so that demands to understand how data will be used can be met.
To summarise, recruitment agencies will be required to be far more transparent about how they obtain and use their candidates’ data. If this has not been done already, the relevant regulations need to be put in place so that they can meet the guidelines for GDPR.