GDPR - The Data Heist in Recruitment
18/09/2017 by MRL
Quick Job Search
These four letters could be sending shivers down your spine: GPDR The General Data Protection Regulation comes into effect on the 25th of May 2018, leaving less than nine months for businesses to prepare and cleanse years’ worth of data. Companies across Europe are having the same reaction, as Executives scramble to prepare for the looming deadline, and try to get their heads around the nuances of the requirements and the widely contradictory demands. Some have already opted to just stop using email as a form of comms all together.
If you cast your mind back to 1998, Microsoft release their most popular UI, Bill Clinton and Monica Lewinsky did not have sexual relations and the DPA came into effect – aka the UK Data Protection Act. Something you will be very familiar with hearing. DPA & GPDR are similar in more ways than one. The GPDR is essentially an extension of the DPA. It works on the concept of ‘controllers’ and ‘processors’ of data and if your business falls into one of those two categories (which nearly every business these days would) then the new regulation will apply to you. And despite what is going on with Brexit the process will still come into effect – so don’t hold on to that.
The legislation focuses on stricter rules on data gathering, consent, storage, increased individual rights on personal data and the power to have your information deleted upon request. The main areas to focus on is:
It also recommends companies with data over two years old to delete it in order to keep records fresh. This is going to cause companies to spend substantial amounts on personnel to handle data. However some question whether records that have been gathered with prior consent should be so stringently scrutinised.
The main outcome of this is you need to have tighter processes and management of your data moving forward. But what about the data from before?
When it comes to recruitment, databases are the life blood of the industry. And best practise is to keep it as clean as possible. Nevertheless this information has normally been built up over the years and could have seen several touch points with the same candidate. However, sometimes how this data has been originally gathered is lost, but the GDPR requires you to maintain records of how you process all information within the company, what they have agreed to and not to, and certain criteria which is allowed to be shared. This puts a real spanner in the works for when it comes to the agencies that have stood the test of time.
Now this might all sound like a great deal of work in a short amount of time. And frankly it is. A lot of companies are being forced to create new departments, roles, or pay for third parties to help make sure they are compliant before May. But as data gathering grows thanks to the IoT, social media, search engines, commercial enterprise, you name it, more and more unique information will be gathered about us. So the transparency and control of this information is vital to avoid a big brother style future.
Digital Minister, Matt Hancock, who is leading the proposed overhaul said:
“It will give people more control over their data, require more consent of its use, and prepare Britain for Brexit.”
With the clock ticking, and the duty of the legislation, GDPR is an unavoidable truth. It is simply, like in most things with business, something that must be taken care off despite the work load attached. It will make an impact on the recruitment sector, but nothing that will rock its core. What is really making this duty seem so scary is the fines, and the tight deadline. But again, this is common in business.
If companies start now, it will make the beginning of 2018 far easier and cheaper. Plus with a good thought-out process in place when it comes to data gathering, and assessment, it will only help speed up recruitment.
But regardless, buckle up, as you will hear a lot about it in the coming months, and we will all be making large changes as a sector to get ready.