Skip to main content

10 things recruitment businesses need to know about GDPR

Kerry Hull

Kerry Hull | Marketing Manager

Wednesday 24th Jan, 2018

The arrival of the General Data Protection Regulation (GDPR) - set to be one of the biggest pieces of legislation to come into effect in 2018 - is just a few short months away.

How prepared is your recruitment business feeling? If you're not quite ready for GDPR just yet, or haven't got a clue where to start, you're not alone. Many employers don't even know what GDPR is, however those that do, believe it will be a positive step for data security, improving it significantly. This is why it's important to sit up and take note.

In this upcoming blog series, we'll be telling you exactly what you need to know to make sure your recruitment business is GDPR compliant and ready for its introduction this May. We'll also be answering some of the biggest questions our recruitment businesses have about GDPR so far - keep your eyes peeled over the next few weeks!

1. GDPR will apply from 25th May 2018
GDPR will come into force on 25th May 2018, after which time you’ll need to have considered the lawful basis on which you are holding and processing candidate information.

2. Lots of firms have left preparation until the last minute
You won't be alone in leaving your GDPR preparations until the last minute, but with just five months to go until the legislation's arrival, now is the time to get started.

3. It might be advisable to appoint a Data Protection Officer
Some companies will be legally obliged to have a Data Protection Officer, but aside from this, having a designated data protection adviser and/or project team means your company will have specific people to handle any data queries. Making this part of someone's role and responsibilities will help to prevent data queries from taking up too much of too many people's time, and will stop them from being missed.

4. There are fines for non-compliance
If a company is found not to be complying with GDPR, the maximum penalty is a fine of £17.8 million (€20 million), or four per cent of your firm's annual turnover - whichever is greater - demonstrating just how important compliance is and how seriously data protection will be taken in the future.

5. GDPR compliance is just as important as a cyber security strategy
The potential financial and reputational damage associated with failure to comply with GDPR could be as damaging as not having a robust cyber security strategy in place. The two are equally important in the modern world of business, and data protection specialists could soon be as in demand as cyber security experts.

6. You can no longer be ambiguous about your data privacy policy
From 25th May, your company's data privacy policy will need to be visible to all: to staff, candidates, clients and the general public, should they wish to access it.

7. Implied consent for data is no longer enough
Gaining consent to keep candidates' data is set to be one of the biggest changes brought about by GDPR. In the past, implied consent may have been enough, but this will no longer be the case, and failure to comply could lead to penalties.

8. Consumers will have more control over their data than ever
GDPR puts the consumer, rather than the business, in control of the data. The legislation is all about protecting their information, so your recruitment business needs to be prepared to take any queries or complaints about their data seriously - after all, it will be the law.

9. You will need to establish your lawful reasons to process personal information
'Data' can be broadly defined. Information that you will need to consider include everything from candidates' names and addresses to their CVs and cover letters, and even IP addresses. As you can see, this could be a huge undertaking, which is why it's so important to start preparing now.

10. Brexit won't stop GDPR
There has been some speculation about whether GDPR could be delayed because of Brexit, or if Britain's exit from the European Union will in some way affect the terms of the legislation. But the government has confirmed that this will not be the case.

Regardless of the continued uncertainty around the terms of Brexit, GDPR is coming and it will be here before we know it.

Over the next few weeks we'll be going into much more detail on how your recruitment business can prepare for the arrival of GDPR, so watch this space.