What will GDPR mean for Recruitment?

28th August 2017

Elicia Wilkinson


In less than 12 months the DPA (Data Protection Act) will be replaced by GDPR (General Data Protection Regulation). But what is this, and what does it mean for recruitment?

The General Data Protection Regulation (GDPR) will be introduced on 25th May 2018. This is a new EU regulation which will replace the current DPA. The idea is that this will give people greater control over their privacy and personal information, and it will apply to everyone. Although GDPR is EU legislation, it will not be affected by Brexit. Therefore, all companies need to consider how they will comply, especially recruiters.

Recruiting under GDPR

Under the new laws, candidates must give consent for their personal data to be collected and used. It needs to be clear to candidates how the data will be used, and candidates can ask for their data to be removed. If a recruitment agency does not comply with this, there are some very harsh penalties: a fine of €20 million or 4% of the company's global turnover.

The European Commission said:

“Personal data is any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address”

So basically, you are responsible for any information you have on a candidate: for its safekeeping and security, and for any access to it by third parties. There is still some confusion over what is defined as personal information and how that applies regionally (for example, there are different definitions in the UK and Germany).

What should you be doing about GDPR now?

Right now you should be assessing all data you have on individuals and be doing a full audit on what you have.

  • Is your data accurate? GDPR will expect you to correct any inaccuracies.
  • Any automation you use in your recruitment process based on personal information needs to be opt-in, so you can only do this for candidates who have given consent for their data to be used in this way. This will affect prospecting and screening.
  • Your privacy policies should be updated to include any way you will be using or processing candidates' data. This should be clear and available to anyone giving personal information.
  • Clear out old data, including candidates who may not have opted in, and make sure that moving forward all candidates are opting in. Start this as soon as possible.
  • Have a data protection officer in your company, someone who can be responsible for data and data protection.

At Strategic People, we take the privacy of our candidates very seriously. We are prepared for May 2018 when GDPR comes into force and have all our data safe and secure. We try to be transparent with candidates and clients as to how we use their data. This is why we’re proud of our recent recruitment experience NPS score of 67 when the industry average is 35.