GDPR – What you need to know

When the EU’s General Data Protection Regulation (GDPR) is introduced on 25th May 2018, the new rules around data protection will be one of the most important issues for recruitment businesses to deal with. Big fines await those that don’t comply, so it’s vital to know what will be expected of you.

In our last article, we looked at changes to the rules and the extended rights of candidates; this time, we’ll look at the compliance and security aspects of GDPR.

Your accountability

Under GDPR, you’re classed as the ‘data controller’ – the one who’s gathered and using the data – and as such a lot of responsibility falls on you, including being able to demonstrate that you comply with the new rules and principles.

There are a number of ways that can help you do that:

Where’s your data?

GDPR restricts the transfer of data outside the EU, so you’ll need to know exactly where it’s held – if you use a cloud system, it may well be transferred to the US, for example. In such cases, you’ll need to make sure your cloud provider has adequate safeguards in place (in the case of the US, that means being Privacy Shield-certified).

Security standards

You’ll need to check you’ve got security measures ‘appropriate to the risk’ in place. These should include:

Data breaches

The GDPR defines a data breach as ‘accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data’. If you have one that’s likely to have a detrimental effect on individuals, you’ll need to not only report it to the relevant supervisory authority within 72 hours, but also tell anyone whose data has been breached. If you don’t, you could find yourself fined up to €10million or 2% of your global turnover.

So make sure your team know what a data breach entails and put an internal breach reporting procedure in place to decide who to notify in good time.

To help our clients, we at Back Office have put together a comprehensive guide to the main points of GDPR and how they affect recruiters, which will be ready soon. Of course, GDPR is only one area where we can help. We’ve been helping recruiters expand, start up and switch providers for 20 years. If you’d like to talk to any of the Back Office team, call 01260 280 290 or email

male employee thinking
candidates 21.05.2018

5 things that tell you it’s a candidates market

As 2018 progresses it’s becoming increasingly clear that the market remains predominantly candidate led. Here are a few indicators to ...

Read more
Back Office Support Services 01.05.2018

Remember your first job

Sometimes, even when we’re really busy (which is most of the time!), the conversation here at Back Office turns to ...

Read more

Get in touch...

Thank you for your enquiry.

We will get in touch with you shortly.

  • Email Address
  • Phone Number