If your recruitment team does any search work involving candidates, clients, or sources in the EU, you need to keep up with the latest regulation. The General Data Protection Regulation (GDPR) was adopted by the European Parliament on April 14, 2016. It is meant to safeguard the data privacy rights of individuals in the European Union, and it applies to any organization based in the EU as well as to organizations outside the EU that process the personal data of people in the EU (for example, by offering them services or monitoring their behaviour).
Many companies will be subject to the new data protection standards that GDPR imposes. The regulation applies from May 25, 2018, less than a year away, and recruitment teams must be compliant by then. Penalties for non-compliance, if discovered, can reach €20 million or 4% of worldwide annual turnover, whichever is higher. A personal data breach can be even more costly: the same penalties, liability to the affected individuals, an obligation to notify the supervisory authority (within 72 hours where feasible), and a severe hit to your reputation.
What Your Recruitment Team Needs to Consider When It Comes to GDPR
This synopsis is not a substitute for legal advice from your own attorney (we are not lawyers). Before adopting any new policy, have your firm's lawyer(s) advise on how to comply properly.
Is Your Technology in Compliance?
Every recruitment team needs to ensure that strict security measures are in place to safeguard the personal data of people in the EU, and it must be able to document those measures. Data scattered across programs such as Outlook, Word, or Excel, or across shared folders, is disorganized, vulnerable, and fragmented, and a "database" built that way will not meet the standards GDPR sets for security of processing and record-keeping. Ask your database provider for audit details and documentation showing how your recruitment software supports compliance. If the provider is US-based, check whether it is certified under Privacy Shield, but note that Privacy Shield only covers the transfer of EU personal data to the US; it is not a certification of GDPR compliance as a whole.
Under the GDPR, individuals have the right to request that their name and other personal data be erased from your database (the "right to be forgotten"). Once you have deleted their information, how do you stop your team from re-entering the same person later? Placing the candidate on a "hands-off list" would itself retain their personal data and conflict with their original request, so agree the approach with your lawyer. With less than a year until GDPR applies, start now so you have time to become comfortable with, and knowledgeable about, your software's compliance.
Are You Required to Appoint a Data Protection Officer?
Under the GDPR (Article 37), you must appoint a DPO if you:
- Are a public authority (except for courts acting in their judicial capacity);
- Carry out large-scale systematic monitoring of individuals (for example, online behavior tracking); or
- Carry out large-scale processing of special categories of data or data relating to criminal convictions and offenses.
Any organization may voluntarily appoint its own DPO within the company. Whether or not the GDPR obliges you to appoint one, you must ensure that your organization has sufficient staff and skills to discharge its obligations under the GDPR. Your entire recruitment team must know who within the business is responsible for data protection (the controller's management and the DPO, where there is one) and who will be monitoring and implementing these changes.
Do You Have a Good Plan for the Future?
Review the GDPR material available online (the text of the regulation and your supervisory authority's guidance) and speak with an attorney to understand your team's next steps.
- Check with your recruitment software partner — seek out their suggestions and advice.
- Review all of your company’s existing policies and procedures.
- Decide the lawful basis for each way you obtain and process candidate data (consent is one option, but not the only one, and where you rely on it, consent must be freely given, specific, and withdrawable), and respect your candidates' right to be forgotten.
The Final Takeaway
Waiting to explore your options may interrupt productivity and burden your teams later. Reacting to an emergency in 2018, after GDPR applies, will be costly, damaging, and may expose you to enforcement action.
There is ample support from advisors who know your business. With the right processes and technologies in place, you can differentiate your team from the competition and assure your candidates and clients that you adhere to the highest standards of compliance.