Big changes are afoot in data protection. Chances are you’ve heard of the EU’s General Data Protection Regulation (GDPR), due to be introduced on 25th May 2018. What you may not have realised is the wide-reaching effect it’ll have on anyone in recruitment.
At Back Office, we’re all about helping our clients in every way we can. So we’ve put together a comprehensive guide to GDPR just for recruiters, which will be ready soon. In the meantime, here’s a brief outline of the four reasons why you need to be prepared.
1. GDPR will affect every recruiter
Data is a huge part of every recruitment business. Day to day, you’re gathering personal data about your candidates, storing it and sharing it with others. As GDPR is designed to provide greater protection for individuals and puts greater responsibility on the person ‘controlling’ the use of their data (i.e. you), how you manage and handle it will need to change.
2. Non-compliance is not an option!
Eye-watering fines are an integral part of the GDPR. And not just for careless data breaches (remember Talk Talk’s £400,000 fine for a 2015 data breach? Under GDPR, that would total £59million!).
Fail to follow the basic principles for processing your data, and you could be fined up to €40million, or 4% of your total global revenue, whichever is greater. So needless to say, it’s worth knowing what you need to do!
3. There are BIG changes to the existing rules
The reasons for creating the GDPR are twofold: firstly, the Data Protection Act is now 20 years old, and pre-dates much of the internet’s use of data; and secondly, the EU wanted to make the legalities surrounding data clearer and more consistent for businesses across the single market.
As you can imagine, that’s going to have a significant effect on the way you work. These are just a few of the biggest changes:
• Consent – there’ll now be much stricter rules for obtaining consent from individuals.
• Accountability – as data controller, you’re responsible for meeting the GDPR requirements and demonstrating compliance.
• Integrity & confidentiality – you’ll need to protect personal data from unauthorised or unlawful processing and against accidental loss, destruction or damage.
• Data Minimisation – the data you gather must be adequate, relevant and limited to what’s necessary for the purposes of recruitment.
• Personal/Sensitive data – new categories of data have been specified that expand the definition of personal data.
• Lawfulness – personal data must be processed lawfully, fairly and in a transparent manner.
• Storage Limitation – personal data can only be kept for ‘as long as necessary’ for the purpose for which it’s processed.
4. Candidates now have many more rights
As the new legislation is there to protect individuals, you’ll need to know exactly how candidates’ rights have been extended.
For example, they need to be informed about how you’re using their data (even if you gather it from social networks, CV databases and so on). Candidates can ask to see what data you hold on them at any time, and for any inaccuracies to be rectified or even erased. And they now have the right to restrict or object completely to your processing their data, and to be informed about any automatic profiling so they can object if they wish.
While that’s just a basic outline of the changes to candidates’ rights, essentially GDPR aims to make data use more transparent and put control of that data firmly into the hands of the individual. Which, after all, is no bad thing.
In our next blog, we’ll look at how GDPR will impact on your accountability as data controller, new security rules and data breaches.
In the meantime, if you’d like more detail on the topics covered here, talk to one of our team by calling 01260 280 290.