GDPR: Is Your Recruitment Team in Compliance?

If your recruitment team executes any search work with candidates, clients, or sources in the EU, you will need to keep up to date with the latest regulations. The General Data Protection Regulation was adopted by the European Parliament on May 14, 2016. This regulation is meant to safeguard the data privacy rights of European Union citizens and affects any organization that is based in the EU or does business in the EU.

Many companies will be subject to new standards of data integrity imposed by GDPR. The law goes into effect in less than a year, requiring recruitment teams to be compliant by May 25, 2018. The penalties for non-compliance, if discovered, can reach up to €20 million in fines. Liability for a security breach can be even more catastrophic, resulting in the same penalties plus liability to the individual, not to mention an overall horrible impact on your reputation.

What Your Recruitment Team Needs to Consider When It Comes to GDPR

My synopsis is not a replacement for legal advice from your own attorney (we are not lawyers). Before adopting any new policy, contact your firm’s lawyer(s) to advise on how to properly comply.

Is Your Technology in Compliance?

Every recruitment team needs to ensure there are strict security measures in place to safeguard the personal data of EU citizens, and it must be able to document them properly. Data floating between programs such as Outlook, Word, or Excel, or even your shared folders, is disorganized, vulnerable, and fragmented. Some databases configured this way will not meet the new standards set by GDPR. Make sure you have a database provider that is certified with Privacy Shield and can deliver audit details and documentation proving your recruitment software is compliant.

Under the GDPR law, EU citizens have the right to request that their name and data be deleted from your database. After you delete their information, how do you prevent your team from re-entering that same individual into your database? (Placing this candidate on a “hands-off list” will conflict with their original request.) With less than one year until GDPR takes full effect, you need plenty of time to become comfortable with and knowledgeable about your software’s compliance.

Are You Required to Appoint a Data Protection Officer?

Under the GDPR, you must appoint a DPO if you:

  • Are a public authority (except for courts acting in their judicial capacity);
  • Carry out large-scale systematic monitoring of individuals (for example, online behavior tracking); or
  • Carry out large-scale processing of special categories of data or data relating to criminal convictions and offenses.

Any organization is able to appoint its own DPO within the company. Regardless of whether the GDPR obliges you to appoint a DPO, you must ensure that your organization has sufficient staff and skills to discharge your obligations under the GDPR. Your entire recruitment team must be aware of the data controllers and data protection officers who will be monitoring and implementing these changes within the business.

Do You Have a Good Plan for the Future?

Review all of the GDPR regulation information available online and make sure to speak with an attorney to understand your team’s next steps.

  • Check with your recruitment software partner — seek out their suggestions and advice.
  • Review all of your company’s existing policies and procedures.
  • Make a plan for obtaining data with candidate consent, and respect the right of your candidates to be forgotten.

The Final Takeaway

Waiting to explore options may interrupt productivity and be burdensome on teams. Reacting to an emergency in 2018 after GDPR takes effect will be costly, damaging, and possibly incriminating.

There is ample support from advisors who know your business. With the right processes and technologies in place, you can differentiate your team from the competition and assure your candidates and clients that you adhere to the highest standards of compliance.

Kandace Miller is responsible for the marketing strategy at ConveyIQ, the leading candidate engagement and experience platform. Throughout her career, she has developed global marketing campaigns that have helped thousands of boutique and enterprise talent-acquisition teams all over the world evaluate, implement, and manage their recruitment and sourcing technology. Through both her work at ConveyIQ and in her free time, she plays an active role in helping HR professionals network and benchmark best practices.

Kandace Miller began her career in marketing in 2005 working in the media industry where she managed national marketing campaigns for various networks and publications. Prior to joining ConveyIQ, she spent over a decade building the marketing function at Cluen, the industry leader in executive talent-acquisition technology. Prior to that, she worked with L'Oreal managing its global marketing and forecasting efforts for the designer fragrance divisions. She resides in New York City with her husband. In her free time, she composes classical music and recently performed at the Cannes Film Festival in France.