When the EU’s General Data Protection Regulation (GDPR) is introduced on 25th May 2018, the new rules around data protection will be one of the most important issues for recruitment businesses to deal with. Big fines await those that don’t comply, so it’s vital to know what will be expected of you.
In our last article, we looked at changes to the rules and the extended rights of candidates; this time, we’ll look at the compliance and security aspects of GDPR.
Under GDPR, you're classed as the 'data controller' – the party that decides why and how candidates' personal data is processed – and as such a lot of responsibility falls on you, including being able to demonstrate that you comply with the new rules and principles (the 'accountability' principle).
There are a number of things you can do to show that:
Where’s your data?
GDPR restricts the transfer of personal data outside the EU, so you'll need to know exactly where it's held – if you use a cloud system, it may well be stored or backed up in the US, for example. In such cases, you'll need to make sure your cloud provider has adequate safeguards in place (in the case of the US, at the time of writing, that means being Privacy Shield-certified). Note that Privacy Shield was later invalidated by the Court of Justice of the EU in July 2020, so transfers to the US now need another lawful mechanism, such as standard contractual clauses or the 2023 EU-US Data Privacy Framework; check which one your provider actually relies on rather than assuming.
You'll also need to check you've got security measures 'appropriate to the risk' in place (Article 32 of the GDPR), taking into account how sensitive the candidate data is and what harm a breach could cause. These should include:
The GDPR defines a personal data breach as a breach of security leading to the 'accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data'. Unless the breach is unlikely to result in a risk to the individuals concerned, you'll need to report it to the relevant supervisory authority (in the UK, the ICO) within 72 hours of becoming aware of it; and where it's likely to result in a high risk to those individuals, you'll also need to tell them directly without undue delay. If you don't, you could find yourself fined up to €10 million or 2% of your global annual turnover, whichever is higher.
So make sure your team knows what counts as a data breach and how to report one internally, and put a breach-response procedure in place that sets out who assesses the risk, who decides whether to notify, and who contacts the authority and the individuals, so that the 72-hour clock doesn't run out while you're still working out who is responsible.
To help our clients, we at Back Office have put together a comprehensive guide to the main points of GDPR and how they affect recruiters, which will be ready soon. Of course, GDPR is only one area where we can help. We’ve been helping recruiters expand, start up and switch providers for 20 years. If you’d like to talk to any of the Back Office team, call 01260 280 290 or email firstname.lastname@example.org