"What is the GDPR?" is the hot topic of conversation in recruitment these days, and you may not be sure exactly what it is or what it means for your business. There is a lot of confusion about GDPR, so if you are not quite sure where to start, don’t worry, you are definitely not alone!
As part of our pledge to help support local businesses and to help them navigate through the latest legislative changes that affect recruitment, we’ve created a series of three articles to assist you in understanding the new regulations and to ensure that you are fully GDPR compliant once the new rules come into force.
Read on to find out more about what the GDPR is, its purpose and what it will affect in terms of your current recruitment and data processes.
What is the GDPR?
New data protection rules will come into effect across the whole of the EU on 25th May 2018. These new rules will be known as the General Data Protection Regulations (GDPR). The new legislation will give individuals more control over how their data is used by companies. Companies who do not comply with this new legislation could receive a fine of up to €20 million or 4% of the total global turnover.
The aim is to ensure that the data protection law is the same throughout the EU. This will leave less opportunity for confusion. It will affect all companies who are handling personal data.
The GDPR will be implemented through a new UK Data Protection Bill in preparation for Brexit and this will replace the Data Protection Act 1998.
It’s important to remember that this legislation will also affect countries outside the UK who are using data from EU residents.
Why was it introduced?
We live in a time when we are often not entirely sure how our data is being used and the GDPR aims to bring back greater control. It is specifically designed to give people greater peace of mind that their data is being used in the right way and not being exploited.
One of the main changes the GDPR will bring concerns the rights of individuals with regard to how their personal data is stored, used and accessed, and their consent for processing.
Once the GDPR comes into force, individuals will have the right to:
• give explicit consent for the processing of their personal data;
• withdraw consent to use their personal data;
• be notified of a data breach;
• be informed about how their data is being used;
• data portability (the ability to transfer their data from one organisation to another);
• rectification of incorrect or incomplete data;
• object to the processing of their personal data; and
• erasure (ask to have all their personal data removed).
What do I need to do?
You only have until 25th May 2018 to ensure you are GDPR compliant, so it is strongly advisable that you start to prepare for it now. GDPR applies to all companies who use personal data and you will need to undertake a project to analyse the data you currently have stored.
Some of your new obligations will be to:
• assess whether you need to appoint a Data Protection Officer (DPO);
• adhere to the accountability principle (you will be responsible for your own data protection process);
• adopt a ‘Privacy by Design and by Default’ approach. Ask yourself ‘do I still need the data?’ If not, consider pseudonymisation (replacing identifying fields with artificial identifiers) or anonymisation (irreversibly destroying the records). It is also important to ensure you have cyber security in place;
• carry out a data protection impact assessment (DPIA). This will help you to identify the best methods to comply with GDPR;
• be transparent – make it easy for individuals to access information about how you use and store their data;
• keep written/electronic records of processing activities; and
• implement procedures to easily identify any risks to the data protection of individuals.
In our next article, we’ll be looking into how the GDPR affects recruitment and what steps you need to take now to ensure that your recruitment processes are fully compliant.