Recruiters have always had laws and corporate protocol to follow when it comes to data protection. When GDPR was introduced, the view of how data flowed into the company changed. Rather than being just a policy change, GDPR has a significant impact on recruitment.
HR managers have access to massive amounts of personal data during both the hiring and the firing process. Much of this data is still unprotected. In the past, this would have been frowned upon; now it is illegal. In an effort not to break the law, companies are struggling to adapt to the changes brought on by GDPR.
What is GDPR?
In May 2018, the EU introduced the General Data Protection Regulation (GDPR). It basically stated the new rules controlling data privacy for all EU citizens. The focal point is that nobody’s data can be used without the individual’s permission.
To understand the significance in recruitment, first, we will look at the terms ‘personal data’, ‘data controller’, and ‘data processor’.
- Personal data: any personally identifying information, from your name to your bank account details, your IP address and even social media posts.
- Data controllers: a person or organization who can use personal data for certain reasons, while complying with GDPR.
- Data processors: a person or organization that holds a person's personal data. A recruiting firm is a data processor as it holds the personal information of candidates.
GDPR and Recruitment
GDPR has, without a doubt, made the recruitment process harder. Recruiters now have to overcome more challenges and risks. Here are some of the things you should bear in mind:
Apps and tools
If you use any recruitment software, it is crucial that you keep it up-to-date. This may include changing apps and tools if they don’t comply with GDPR. Staff may need time and some training to adapt to new programs, potentially delaying your recruitment.
Data must now be mapped. Candidate data has to be sorted by the type of recruitment process and processing stage, and then it has to be stored somewhere. Introducing data mapping may be quite complex and time-consuming; however, it’s a new law, so it must be done.
New legal policies
Evaluation of Recruitment Agencies
If you outsource recruitment, make sure the company you use is GDPR compliant. Only choose to work with a recruitment firm that is!
The workflow is more complicated
If the candidate requests it, their data must be removed from a company’s database. For a large company, this is going to take time. For any company, it is going to be impossible to store information for further job openings.
Selective data requirements
You can collect personal data but only for a person who is coming for a specific interview. While LinkedIn is great for recruitment, you can’t just find a candidate and use their personal information; you must ask permission and explain exactly what you are going to do with it.
As you can imagine, GDPR makes recruitment more complicated than it was previously. Now consider those recruiting from outside the EU who are unaware of our strict laws. Any form of data protection breach may have serious implications.
What happens when the laws are ignored?
Breaking the law with regard to data protection is not going to result in a slap on the wrist, or “not to worry, you are just learning”. You can be punished by a 20,000,000€ fine or 4% of the annual income of your company (whichever is larger).
This soul-crushing number is related to Category B fines, where there has been an actual breach of confidentiality or failure to comply.
Category A fines are incurred when a company is not prepared regarding the new laws (for example, there is no education in the business teaching staff about data protection). The maximum fine is 10,000,000€ or 2% of the annual income.
These fines are more likely to be handed out for major breaches in data protection. We recently saw the Cambridge Analytica breach. Fines are normally smaller but still significant.
What are the effects of GDPR on outsourcing?
As the laws are still relatively new, the impact on outsourcing may not be as apparent. The main areas that have had to change their policies are:
- Rendering services, selling to EU clients
- Rendering services to EU companies
- Behavior monitoring and analysis of all those living in the EU
If you are an outsourcing company with any links to the EU, especially in the services provided above, you must make sure that all of your data protection policies are up-to-date and put into practice.
IT Recruitment Agencies from Eastern Europe making lives easier
While we advise every company to be on top of their data policies, a way to avoid the strict legal implications is to hire an outsourcing company from Eastern Europe. This way, you know the recruitment agency is knowledgeable and compliant with GDPR, as well as enjoying some of these benefits:
- Access to some of the best job candidates
- A wide range of highly skilled candidates
- You won’t have to change your recruitment policies or provide additional training
Despite the fact that, as business owners, we have to be extremely careful about how we handle people’s data, GDPR is a great thing, especially nowadays when our whole lives are online.