In case you haven’t heard, there is a law due to be implemented in May next year that changes the way data personal data is collected, stored and used. It will have an impact on almost all business large or small, and it could change the way we do business in recruitment.
Just in case you are not aware of what GDPR is, it stands for General Data Protection Regulation and it basically a replacement for the current Data Protection Act (DPA). GDPR will strengthen the rights of the ‘owner’, usually the individual, when it comes to how and where their data is used.
What happens when it’s introduced?
Once GDPR is introduced it will mean that, amongst other things:
- You will have the right to access data held about you much more easily
- Your information will be only used for the purpose it was gathered for
- You will be able to withdraw your consent and stop further processing
- You will be able to ask for total erasure of your data from a business or site
- A breach of data security must be reported
What this means as a recruitment business is that we will all need to look carefully at how we handle the data our clients provide to us.
Probably the most important part of the above list is the item about have specific permission to use data in specific ways. We are all used to the tick box agreement to data use that means we give a business permission to use our data for their own purposes. One way this could be monitored is through a double opt-in process. So for example, let’s say you visit a recruiter’s website and register for their newsletter or a job availability bulletin. When you provide your email address that would be opt-in number one. At the moment this would usually be enough for a lot of businesses, and your email would be added to the list and stay there. However, after GDPR comes along, you would likely receive an email asking you to confirm that you want to be on the list and telling you specifically what you are signing up to. At that point, you will start to receive only the item(s) you agreed to in the method you agreed to. All this sounds quite reasonable and should hopefully result in a drop in the level of unwanted emails.
A good recruitment specialist will have already started the evaluation their data handling systems and will be working on behalf of the client and the candidate to make sure that they are fully compliant with the new laws.
That said, while the new laws are much tougher and more specific than the old ones, they are not really a worry if you have always been careful and compliant with your data handling.
What GDPR will actually mean to the employment process then is clarity. When it comes down to it, sensitive employment data and personal information are something that all recruitment companies use as a basic part of their daily business. We are happy that all out clients and candidates know what data we have, what we do with it, where and when it will be used, and that they are confident we use it respectfully and for the purpose it was gathered for in the first place.
If, as a candidate or client, you are not as confident that your recruitment company can say the same then when GDPR comes in you may well find you need to look around.