On May 25th, 2018, the GDPR, or General Data Protection Regulation, went into effect and changed the way many companies and organisations in the UK and throughout the EU do business. While many businesses were prepared for GDPR, others, including some recruiting agencies, weren’t quite as prepared and had a difficult time understanding the new regulation and how it affected them.
Those who were prepared for the GDPR and well informed saw the positive changes it could make. Some still didn’t understand the purpose of the GDPR, so we will start there and explain just what the GDPR is all about.
The Purpose of GDPR
Many people know the GDPR as a data protection regulation, but it is really about protecting the rights of the people. Since data privacy is a human rights issue, the purpose of the GDPR is to enforce those privacy rights and give people more control over their personal data.
The GDPR provides information on some very specific rights, especially those which recruitment agencies should be aware of. These include the Right to Transparency and the Right to Access.
What Responsibilities do Recruitment Agencies Have?
While much of the regulation is standardised for companies and organisations in all industries, there are some responsibilities that recruitment agencies should focus on and comply with. These include:
- Keeping all data up-to-date and deleting it when no longer needed.
- Showing a legal basis for processing any customer or client data.
- Monitoring for data breaches and reporting any that occur within 72 hours.
- Taking technical measures to protect data, including security precautions to prevent any possible breaches of data.
- Taking organisational measures to protect data. This can include creating organisational policies and ensuring that training programs are in place which can guarantee that proper data protocol is being followed.
The GDPR also requires that some tangible tasks be completed to comply with the regulation, and recruitment agencies should do the following. These are taken directly from the GDPR website to ensure accuracy and clarity.
“Audit: Assess the risks that you create for others in processing their data: candidates, clients, and employees”
“Action: Mitigate the risks that you create for others in processing their data: safeguarding, training, and data cleansing.”
“Document: Be able to demonstrate the steps you took. Documentation is very important.”
While the GDPR is not trying to make your job more difficult, it is trying to protect the personal data of those who are entrusted to your agency. By complying with the regulation and showing that you do value and protect your clients’ personal data, you should be successful in maintaining complete compliance with the GDPR.