GDPR and Recruitment – What Does it Mean?

Since the introduction of the General Data Protection Regulation (GDPR) in May, recruitment agencies have had to prepare and plan accordingly. GDPR has required recruitment agencies to change the way in which they work in order to adhere to the regulations.

What is GDPR?

Essentially, GDPR is about protecting data, but it is also aimed at protecting the rights of people. Data privacy is a human rights issue, and GDPR was introduced as an attempt to ensure that these privacy rights are enforced in the correct way. Prior to the introduction of GDPR, the Data Protection Act of 1998 was in place, but over time the way in which recruitment agencies and businesses handled data changed, and data control became lost along the way. As a result, individuals found that they had less control over who was in possession of their data, and GDPR was implemented as a way of tackling this problem.

Underpinning GDPR are the rights of individuals and the way in which they have the right to take control of their own data. This involves enhanced transparency, the removal of data and many other data-related rights.

For recruitment agencies, this means that individuals have to be made aware that you have their data. It is therefore the responsibility of recruitment agencies to inform individuals that you have their data and how you will use it. Individuals will also have the right to make requests in order to find out what data is being processed, and recruitment agencies will have 30 days to provide them with every piece of data that is being processed, in either hard or soft copy.

Recruitment Agencies and their GDPR Responsibilities

GDPR is made up of many different parts and not all of them apply to recruitment agencies. This highlights the importance of recruitment agencies understanding what is required of them in order to comply with the regulations.

Recruitment agencies will have to ensure that all data is kept up-to-date and that it is kept for no longer than is required. They also have to have a legal basis for processing data, with all data breaches being monitored and reported within 72 hours of being identified. There is also significant importance placed on the protection of data, which means that recruitment agencies are required to put the correct security precautions in place to prevent breaches. Along with this, recruitment agencies are required to put the correct measures in place to protect data, and that relates to policies and training to ensure that the data protocols are followed.

What Do Recruitment Agencies Need to Do?

To remain compliant, recruitment agencies will be required to carry out regular audits in an attempt to assess any risks that you might create for others when you process their data, including that of candidates, clients and employees. These risks have to be reduced by implementing data cleansing, safeguarding and relevant training. One very important aspect of remaining compliant is having the ability to demonstrate the steps you have taken, which will prove that you value, respect and protect the personal data that you possess.