GDPR (General Data Protection Regulation) has meant businesses are taking a fresh look at how they think about, control and store data. And in my opinion, that’s no bad thing.
But do businesses really understand what’s expected of them after 25 May? And more specifically, how is the recruitment industry preparing for GDPR?
Recruitment agencies may think they’ve got it covered, but the same mistakes are being made. For instance, many agencies are focusing solely on candidate data, when client information needs to be considered too. Then there’s the confusion surrounding consent – the 70% of recruiters relying on ‘legitimate interest’ to process data aren’t realising they still need to be mindful in the way they collect, share, retain, protect candidate and client information.
With so much advice and opinion about GDPR, it’s no surprise that recruitment businesses are still unsure about what it means for them. One reason could be that much of the context and advice are generic and doesn’t tackle how GDPR will play out specifically in the relation to a recruitment business, the majority of this detail is likely to come with case law.
With this in mind, I’ve been looking into exactly how GDPR will impact our industry. First up, some background…
What is GDPR?
GDPR is designed to protect the rights of around 750 million people in the EU. In practice, candidates and contacts will have to give consent (and recruiters will have to demonstrate a legitimate interest) for personal data to be gathered and used.
Candidates have the right to object if they don’t want their data to be used in a certain way and can request it is deleted completely – known as the ‘right to be forgotten.’ Businesses found to be in breach of these guidelines could face issues and consequences.
Benefits of GDPR
The price of non-compliance with GDPR is not something any business should disregard, however the real driver for adopting new compliance principles is to make your recruitment business more efficient, competitive and secure.
Here are some of the key benefits of GDPR in recruitment terms.
1 Data cleansing
Over the years, recruiters have gathered and stored huge volumes of data. GDPR gives us the chance to look at that data with fresh eyes. Some of the information held will no longer be relevant, will be outdated or incorrect. The opportunity to cleanse our databases means any inaccurate, inconsistent or obsolete data will be removed. We’re thinking of it as our data ‘spring clean.’
2 Earning trust
There’s a growing fear across the industry that recruitment agencies will lose huge volumes of data once GDPR is in place. However, there’s little evidence to suggest that will be the case. The key is making sure individuals know you will treat their data with respect. Offering greater transparency to both candidates and clients means you’re more likely to earn (and keep) their trust in the long-run.
3 Improving industry practice
You don’t need me to tell you that over the years, the recruitment industry’s reputation has become tarnished. But GDPR could change that for the better. It offers us the opportunity to improve the industry’s image and fine-tune our practices.
How Talent is addressing the challenge of GDPR
Here at Talent, we’ve been preparing for GDPR for some time. It’s given us a new focus on how we think about and use data. I’d like to share some of these strategies with you.
Much of our focus has been on processes, specifically working to make them more robust. Protecting the information we have about our clients and candidates. For example, we’ve produced a best practice workflow which maps how recruitment should work from engagement and attraction, all the way through to placing a candidate. We’ve mapped out each point at which data is collected and assessed how we will be recording that information. This also helps us with gaining consent at the right time, and recording proof of that consent.
The system we currently have in place allows us to record consent, when asked for and track data, but moving forward we will continually be looking for ways to improve the system, making it more watertight and responsive. It’s just another part of the continual improvement process that’s so important for recruiters and their candidates.
Another point of focus over the coming weeks and months is education. We’re running training sessions for our consultants, dealing with issues such as: how we collect, how we store data, and what our processes mean for a candidate or client. We also want to make sure our consultants fully understand how to treat data and the repercussions if data is mistreated, hacked or misrepresented.
Finally, we’re taking an ‘all-hands-on-deck’ approach to GDPR compliance. Every employee at every level of the business has a role to play and is being led by our compliance team of six people assigned to manage the impact of new legislation and further improve processes to ensure we have covered the bases.
Some people have described the 25th of May as a ticking time bomb. I’d say this is a little extreme. The true impact of GDPR will only become apparent over the next few months, but rest assured the world certainly isn’t going to end.
Recruiters now need to treat personal information with more care than ever before. One thing we do know is this new legislation will provide better governance for the recruitment industry as a whole.