Is your recruitment process GDPR Compliant?

Written by Lauren Fowles | April 23, 2018

There’s been plenty written about the impending General Data Protection Regulation (GDPR) and the consequences should we all fail to be compliant by May 25.

The storm is coming and as a recruitment business we’re faced with our own unique challenges. And we can’t afford to bury our heads in the sand and simply hope for the best.

That said, GDPR isn’t the scary monster it’s often perceived to be. And these tips will help you prepare your recruitment process for the biggest data protection change in history (honestly – it’s not as scary as it sounds!).

Get your ducks in a row

To ensure that your data is compliant, you need to know where it is – both physically and digitally.

Organise your filing systems and make sure your database is easy to navigate. Ensure your files are named correctly and clearly and that they’re in the right place.

GDPR gives people the ‘Right to be Forgotten’. This means you must act if an individual requests that you delete every item of information you have about them.

EVERYTHING from personal information mentioned in an email to any record you have of their CV.

They also have the ‘Right to Access’. And if an individual asks for their information (bear in mind you could have multiple requests at once) you’ll have just one month to compile every piece of information you have about them and send it on.

If your database is in peak condition, then this’ll be a walk in the park! If it’s not, you might find yourself taking part in an unpleasant treasure hunt – except without any gold at the end.

Think to the future and get consent

Getting your database in check is how you’ll deal with your existing information. However, you must also ensure that any future data captured is equally compliant.

Thankfully, this presents a quick win.

You just need to add an extra step whereby you get consent for your business to hold onto data for the sole purpose of the recruitment process.

This can be via a letter or simply a two-line email.

As long as they’ve agreed in writing, you’ve protected your business against breaching GDPR compliance.

Once (or if) they become an employee, the purpose of holding their personal data will understandably change and the amount of data you’re holding will increase (bank details, home address, etc.).

So just ensure that you have a data protection section written into your employee contracts. That way the reason why you’ve captured that data is clear. Transparency is key.

Safety First

You might be lucky enough to have the most efficient data processes and a team of GDPR experts at your beck and call.

But all that work will be in vain if you don’t keep your data protected. Cyber attacks can take down a business with the click of a button.

They’re becoming increasingly sophisticated and as a business it’s more important than ever to take the necessary steps to ensure you’re staying one step ahead of any would-be hackers.

A breach of your data won’t only hurt your reputation – it’ll hurt your organisation’s bank balance too.

Make sure you keep your systems up-to-date, install the latest anti-virus software and remind your employees of their own security obligations.

So, what are we doing?

As a global recruitment partner, we’re responsible for a great deal of personal data. This includes data relating to our own employees, clients, candidates and prospects. Which is why we’ve taken the GDPR bull by the horns.

We’ve created an in-house team of GDPR experts to ensure we’re compliant across every department in each of our global offices. Meanwhile, our fantastic IT team ensure that our cyber security goes above and beyond the necessary requirements to give our clients and team the peace of mind they deserve.

If you’d like to discuss GDPR compliance in more detail then please get in touch with a member of our team at talent@bps-world.com