GDPR went into effect on May 25th, 2018, with the aim of establishing a modern and systematized data protection framework across the EU.
The new framework imposes strict duties on employers in relation to the processing of personal data, with potentially very large fines for a breach of the rules (up to €20 million, or 4% of the company's total worldwide annual turnover if higher).
A recent study revealed that, even though it has been nearly a year since GDPR was introduced, over 74 percent of UK organisations failed to address requests from individuals seeking to obtain a copy of their personal data within the one-month time limit required by GDPR.
No matter how you gather data from candidates, you must be able to provide them with a privacy notice consent form. This provides them with information on how their data will be used, processed and stored, and also on their right to be forgotten.
If a candidate manually hands a CV into your company’s store or applies for your role through an email address, this removes your right to add the candidate's CV to your database (spreadsheets) or store their details in a filing cabinet. Every candidate must be provided with a consent form, and they must be able to have their information deleted upon request. Failure to do so means the imposing of large fines.
OK, so it is possible to obtain consent from the candidate manually by sending them an email asking them to agree to your privacy notice. This will no doubt result in a much slower process, slowing down your time-to-hire ratio.
You also need to keep in mind what happens once you receive the consent: Where will it be stored? Who will be able to access it? (Sharing candidates' CVs or data through emails or spreadsheets is a no-no.) And how do you control how long the data is held for?
GDPR isn’t something that can be ignored. Companies must do more to gain the trust of their candidates and reassure them that their data is safely stored and can be easily obtained if its deletion is requested.
Although the easiest solution is implementing centralized recruitment software, this does, of course, come at a cost, one that your company should seriously consider creating a budget for. The fines for not being GDPR compliant are a lot larger.