Explained: The meaning of GDPR for recruitment
The General Data Protection Regulation (GDPR) is set to be introduced next year, a shift that recruiters need to pay attention to. As of 25th May 2018, the GDPR will replace the current Data Protection Act and unify data regulations within the EU, giving people more control over their personal information. Although GDPR is an EU initiative, according to reports Brexit will not affect its introduction in the United Kingdom.
In simple terms, the regulation applies if the data controller, processor, or the data subject is based in the EU. Unlike the current directive, however, GDPR will also apply to organisations that aren’t based in the EU if they process personal data belonging to EU residents.
According to the European Commission, “Personal data is any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address”.
Therefore, personal data isn’t defined by the legislation, and ultimately regional differences need to be taken into consideration.
If you store data about individuals, you are responsible for its safekeeping and security. You are also responsible for who sees it and who has access to it. According to the regulation, you will also need to decide the appropriate ways in which to share this information with others.
How will this affect your recruitment process?
Recruitment is one of the industries heavily impacted by the change. Below are just a few things recruiters should consider:
- The rights of individuals under GDPR will change. From 25th May 2018, rights will include subject access, having information erased and having inaccuracies corrected.
- Unless you have their explicit consent, potential candidates will have the right to not be subjected to an automated process.
- Each private contract will need to be updated with your legal formalities for processing individuals’ data.
What do you need to do?
- Be fully responsible for your data cycle.
- Review existing agreements and procedures.
- Actively work with partners and suppliers to become compliant.
- Have an individual who is responsible for data protection.
What happens if the GDPR is breached?
According to article 31 of the GDPR, “In the case of a personal data breach, data controllers shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority […] unless the personal data breach is unlikely to result in a risk for the rights and freedoms of natural persons/[individuals]”.
Overall, a data breach is an incident in which people are harmed and their personal details are compromised. This doesn’t necessarily mean that there’s been a loss of finances.
Here at Recruitment Solutions Wales, we operate in a completely compliant fashion. So, if you are considering outsourcing recruitment demand, be sure that we can help. We can dedicate time and resources to scouting, engaging, contacting, hiring, and on-boarding top talent, helping your business move forward. For more details on how we can help your business, get in touch today.