The new GDPR (General Data Protection Regulation) legislation, concerning the handling and storage of personal data, agreed by the European Commission on 27th April 2016, is set to come into force during May 2018. The legislation will replace the existing Data Protection Directive 95/46/EC with changes that include tougher penalties for non-compliance. Firms, recruiters and online job boards will have to make changes to their data policies in order to avoid falling foul of the law and this could affect the way they sign up candidates, as well as more general recruitment processes.
Protecting job seekers as well as businesses
The existing legislation dates back to the 90s, so given the way technology has progressed since then, it’s well overdue an update. The way data is harvested, stored and manipulated is much more complicated than it was twenty years ago, and cybercrime is now a much bigger concern both for businesses and for individuals applying for a job.
For job seekers, it essentially means that you can request that all your personal data and information held by firms, recruiters and job boards be deleted within thirty days. One major change will be in terms of ‘consent’. Companies must keep records of how and when candidates, or end-users, give consent for the acquisition, storage and usage of personal data, when they register or sign up to use services. This will be known as ‘active agreement’ – and a tick-box will no longer be sufficient. Companies must be able to show a full audit trail, including screen grabs or consent forms. Job seekers will be able to withdraw their consent at any time and companies will need to show that all their personal data was erased.
Should a data breach occur before they’ve done that, the new rules are equally stringent. Those holding personal information or data must inform the relevant authorities within 72 hours. Furthermore, that disclosure must come with a proposal for mitigating any potential damage as a result of the breach. If records held by organisations show inconsistencies, they could be subject to a fine of 2% of company turnover. When applying for a job, you have the right to report any non-compliance to the Information Commissioner’s Office, where it will be investigated on a case-by-case basis.
Preparing for GDPR
For many companies, the legislation will mean a full data audit, followed by a complete overhaul of all procedures concerning the collection, storage and management of personal data.
As a job seeker, these are the basics you need to know when applying for a job:
· You must give employers ‘consent’ to use your personal data.
· Recruiters will be monitored on how they use information from those who register or sign up.
· Companies collecting data on behalf of others will be subject to GDPR compliance.
· Organisations must report breaches to the ICO (Information Commissioner’s Office) within 72 hours.
It’s worth adding here that although social media is not covered by the GDPR legislation, EU data protection agencies have also issued guidelines requiring employers to have a ‘legal ground’ before checking the social media profiles of job seekers.
The full implications of the GDPR legislation are still unknown and will become clearer once implemented, but if you have concerns about your personal data, in the first instance, you should contact the organisation that you believe has your information. If unsatisfied with the outcome, you can then get in touch with the Information Commissioner’s Office.