The European Union’s GDPR (General Data Protection Regulation) legislation is creeping closer with implications for businesses and general recruiters alike. The laws affecting what happens with job applications and candidate data will come into force in May 2018 and breaching those rules will mean big penalties for employers in every sector, including recruitment companies and online job sites.
The goal of the legislation is to strengthen data protection for individuals, so it’s clear that there will be a big impact on recruiters when handling personal information, such as CVs and job applications, especially now, given so much recruitment is handled online. Anybody that hires employees or deals in recruitment for another organisation will need to review their systems and adapt their procedures to ensure compliance.
Recruiters need to be aware of the key changes
Perhaps the most important change will be in the use of ‘consent’ or ‘active agreement’. Companies must keep records of how consent was given for the acquisition and management of personal data when someone applies for work or signs up with a recruitment agency or an online job seeking service. That’s a bit more complicated than it sounds, as a tick box will no longer be enough. Companies must be able to show a full audit trail, including forms or screen grabs.
Candidates can then withdraw ‘consent’ at any time, and companies will need to demonstrate they have erased candidate data in a timely manner to avoid the risk of a data breach. Should a breach occur, organisations must inform the relevant authorities within 72 hours and state how they intend to mitigate any potential damage as a result of the breach.
Data sharing will be more heavily regulated than ever before – not only when your organisation shares data with other companies, but also regarding how you acquire CVs and candidate data from the likes of job boards and other parties.
Fines for non-compliance will be severe. Even records with inconsistencies could mean fines of up to £7.9 million, or 2% of global turnover, and candidates applying for work will be encouraged to report any instances of non-compliance to the Information Commissioner’s Office.
Take action now
If you think your organisation will be affected by GDPR, you should start by carrying out a data mapping exercise, whereby all data in and out of the organisation can be audited. Review all existing policies and procedures relating to recruitment, as well as the collection and management of personal data and job applications.
For in-house recruitment teams, the focus should be on accountability and transparency. Make sure processes are adapted throughout the recruitment lifecycle, so that the records are there to show that the firm has done everything possible to remain compliant.
Fine-tune your consent practices. Instead of tick boxes, use an explicit opt-in mechanism. Likewise, transparency notices should be clear, concise and easily accessed. Don’t keep CVs or data any longer than necessary. Now’s also a good time to review your contractual relationships with third parties.
Everyone will be affected, but it could be small firms and SMEs without HR departments or the resources to handle the legislation changes that will most easily fall foul of the law. Unfortunately, a lack of resources will be no excuse and these companies could end up attracting fines that could seriously damage the business, so it’s vital that business owners and decision-makers start by making themselves aware of the key changes now, before it’s too late.