Whether it’s data you capture from prospective clients or data relating to the hundreds of CVs you receive daily, as a recruiter you probably work with a range of sensitive personal data on an ongoing basis.
It’s likely, then, that you’ve heard of GDPR. But what exactly is GDPR? How will it affect you as a recruiter? And how can you prepare for it to come into play? We’re answering all this and more in our Guide to GDPR for Recruiters, below.
What is GDPR?
The General Data Protection Regulation (GDPR) will come into play from the 25th May 2018 and was created by the EU to ensure that personal data protection legislation is unified and strengthened in relation to the newer ways that personal data is used. The UK will still be bound by the regulation despite Brexit.
Once GDPR comes into play, it will supersede the current Data Protection Act 1998, and any organisation which ignores the new regulations could be fined up to 4% of their annual global turnover or €20m – whichever is higher. Certainly a reason to take note of GDPR and ensure that your organisation is compliant!
Who does GDPR apply to?
GDPR applies to both the data controller (the organisation that collects personal data; the recruitment agency, in this instance) and the data processor (the company that processes personal data on behalf of the controller, e.g. an IT cloud service provider).
What is the purpose of GDPR?
The main purpose of GDPR is to allow data subjects to regain control over their own personal data. It aims to ensure that personal data is lawfully processed and, where consent is relied on, that data subjects give their explicit consent for their personal data to be collected and used. It also gives data subjects the right to ask for their data to be deleted or amended at any point.
According to the European Commission, ‘personal data’ applies to any information relating to an individual, whether from their private, professional or public life and many that apply to the process of finding new employment. Personal data can include:
How to prepare for GDPR as a recruiter:
1. Ensure everyone in your company who needs to know about GDPR is aware:
2. Set up a robust preferred supplier list:
Read our Preferred Supplier Lists Explained guide for more information on PSLs.
3. Clarify the risk involved if you were to be found not to be compliant:
4. Understand how you process candidate data:
5. Ensure you get opt-in approval or have another lawful reason to use data from candidates up front:
For more information on GDPR
Whatever position data plays within your business, GDPR is important to bear in mind. For further information on the upcoming regulations, the Information Commissioner’s Office (ICO) have created a useful PDF guide.
How can Parasol help?
At Parasol, we pride ourselves on being fully compliant and have already taken steps to ensure we stay that way once GDPR comes into play. If you’re looking to update your preferred supplier list to ensure you’re working with GDPR-compliant umbrella companies, consider working with us.
DISCLAIMER: The information provided in this guidance is for information purposes only and does not constitute advice nor purports to be comprehensive or independently verified. The information contained in this memorandum has been prepared in good faith and with due care by Parasol, however, Parasol makes no representation, warranty, assurance or undertaking (express or implied) and no responsibility or liability is or will be accepted by Parasol, its respective officers, employees, agents and affiliates in relation to the adequacy, accuracy, completeness or reasonableness of this guidance. It is the responsibility of any recipient/s of this guidance to obtain independent advice in respect of the matters addressed herein. All and any such responsibility and liability is expressly disclaimed. Therefore, the recipient/s of this guidance, to the extent that they rely on the information contained herein, do so entirely at their own risk.