The most important things recruitment businesses need to know to begin complying with the General Data Protection Regulation (GDPR).
Personal information is at the heart of recruitment, as the sector's entire business model depends on obtaining personal information from clients and candidates to find job matches, with this data often remaining on their books long after these matches have been made.
However, once the General Data Protection Regulation (GDPR) comes in on Friday 25th May, this will no longer be allowed unless the recruitment business has a lawful reason to keep hold of the data, and even then it may only hold such data for a specified amount of time.
Failing to comply could bring significant financial penalties, so preparation and compliance are vital.
With data so central to recruitment, the task of preparing for GDPR could be greater for recruiters than for companies operating in other sectors. But by following a clear set of steps, your recruitment business can make sure it's ready for GDPR ahead of its arrival in May.
Do a data audit
To start with, you need to know exactly what personal information you have, where it is stored, how it is used and who within the company has access to it.
This is the first real step to implementing GDPR at your recruitment business. From here, you'll be able to start going through everything, working out what data you need to dispose of, what you can keep and what you need to gain consent for (if applicable).
Investing time and resource in completing this step is important, as it will help your business set a plan on what you need to tackle first.
Make managing your data as simple as possible
The arrival of GDPR presents an ideal opportunity to simplify your company's overall data management. The work needed to prepare for the legislation may sound complicated, but once you're ready for GDPR, you should be able to manage your company's data more simply in future.
Appointing a dedicated data protection adviser (or a data protection officer if you're obliged to do so) is one way that this can be achieved. This doesn't have to be someone's sole job; it could be as simple as assigning the task of dealing with any data queries to one person so that it doesn't impact on the time of too many people.
Update your privacy policies
Making your privacy policy visible to all candidates via your website and at your office will help to ensure full transparency to everyone, reassuring applicants that you're complying with GDPR and protecting their data.
As part of this, your business will also need to make sure its data protection policy is updated and visible to all staff, so dedicate some time over the next couple of months to going through all of your current policies and updating them in line with the terms set out by GDPR.
How will your recruitment business respond to a data breach?
Your recruitment business will need to be able to respond promptly to data breaches, notifying both the Information Commissioner's Office (ICO) and the data subject in certain circumstances.
You'll need a solid strategy in place to detect, report and respond to data breaches. Spend the time now establishing your data breach procedures, rather than panicking and risking further damage to your reputation by leaving it until after you've suffered a breach.
Getting started with GDPR compliance
If you have any more questions about getting your agency on the right track to compliance with GDPR, don't hesitate to get in touch with your client relationship manager here at PayStream.
We also recommend using Tifo, a cloud-based back-office support software solution that enables you to manage contractor consents and permissions online quickly and easily, ahead of the introduction of GDPR.
We've been covering some of the biggest challenges you're likely to face as you implement GDPR at your recruitment business, so keep a lookout for more handy tips on complying with the new legislation.