How the GDPR affects recruitment is a vast subject. As recruitment is highly data driven, this can be one of the most difficult areas to control when it comes to complying with GDPR.
Most companies recruit. Even if you are using a recruitment agency, you will need to be stringent with the personal data you are storing. Personal data is anything relating to a person’s life, including their address, CV and pretty much any personal data you might collect during the recruitment process.
In this second instalment of our GDPR compliance series, we’re going to be looking at how the GDPR affects recruitment and the areas you need to be aware of when it comes to the changes in legislation. We’ll also give you seven necessary tasks that you need to carry out to ensure that you’re ready for the GDPR before the deadline.
How the GDPR affects recruitment processes
Your recruitment process may involve online applications, CV’s forwarded by agencies and CV’s sent directly. With GDPR coming into play, you will need to gain an understanding of the personal data you are storing throughout your recruitment process and whether this fits in with the new legislation.
Before storing any information, you will require consent from the individual and they will have the right to be informed about what you intend to use their information for. Please note that an individual can withdraw consent at any time to the processing of their personal data.
Changes to Individual Rights
Individuals have the right to subject access; this means that they can ask, at any time, to get a copy of any information you hold on them, so now is the time to archive any personal data you no longer need and ultimately delete. Archiving alone will not meet the erasure requirements.
There will be examples where you are required to keep data for a minimum period e.g. the Conduct Regulations require recruiters to keep certain records for at least a year. In this instance, you must ensure data is destroyed after the set period and you must explain the same to the individual.
We discussed the changes to individual rights in our first article – What is the GDPR, so click here to take a look.
Any automated processes in recruitment must be transparent. If candidates have a decision made about them based on automated processes, they may be able to appeal the decision.
Employers who are working with recruitment agencies must also be aware of their compliance with GDPR. It is worth taking a look at your PSL and making sure you know what the agencies processes are and how they are ensuring compliance with the GDPR legislation.
What you need to do now to ensure GDPR compliance
Now is the time to start reviewing your current recruitment process to get ready for the GDPR, so some investigation is required to gauge just how many changes you need to put in place to be fully compliant and stay on the right side of the law.
Carrying out the following tasks will give you a great start towards total GDPR compliance and provide you with a clearer picture of what changes your business needs to make in regards to personal data:
1. Carry out an information audit to assess how you manage candidate, client and other personal data.
2. Review your data processes and develop a procedure to record data processing activities.
3. Review your data security procedures to ensure you are taking sufﬁcient steps to keep personal data secure.
4. Assess how you handle subject access requests to ensure you will be able to process these for free and within one month.
5. Discuss the implications of the GDPR with companies in your supply chain.
6. Train your employees to handle personal data correctly.
7. Consider appointing a data protection ofﬁcer
We hope you’ve found our how the GDPR affects recruitment article useful. If you missed the first part of our GDPR series, what is the GDPR?, click here to read the article.
In our final GDPR article, we’ll be sharing an easy to follow checklist for complying with the legislation throughout your recruitment process. Check back soon and don’t forget to subscribe to our mailing list to get the latest update.