Most recruitment agencies have gone GDPR crazy as the industry prepares itself since last Mays news about the the new legislation. If you don’t know anything about GDPR then it’s time to start reading up on it as it will have an undeniable effect on recruiters.
As a supplier to the industry, we have done our due diligence and built our own data management consent tool for customers, written a blog post and whitepaper for recruiters and provided internal training to ensure we are as prepared as we can be for 25 May. However, it is down to you to make sure your own recruitment agency is ready for GDPR and here are five ways you can do so.
Find out what your suppliers are doing
What your agency does with regards to preparing for GDPR is entirely down to you but it’s worth finding out what your suppliers are doing as well. This can include your CRM, job boards, job posting, payroll solutions and anything else you integrate with.
As a recruitment CRM, we have developed a new data management consent tool for our clients to help them manage the retention of their data. This is something which will massively benefit our clients so when you’re doing your GDPR research, you should find out whether your recruitment CRM supplier can offer you anything like this.
Train your staff
Our whole company has undergone GDPR training (both theory and practical) to ensure we have done the best we can to teach employees about what it is, how it will affect us and our clients, what the risks are and how we should go about managing both our and our clients’ data in a secure manner. You can easily do the same to ensure everyone is on the same page as we have said before, the fines are huge (4% of turnover or €20 million) so it’s worth training all your staff to reduce any potential risk and increase awareness of the implications.
If your company doesn’t provide you with a GDPR training session then you can still improve your knowledge by signing up to webinars, downloading whitepapers and guides, reading blog posts and watching videos.
Analyse your processes
GDPR will require your business to introduce new processes so you need to think about your requirements which could include the type of processing you do, what personal data you hold, the criteria for the retention of personal data as well as retention periods and types of data. You should also consider how your procedures and policies will be affected by third party contracts, data storage, breach management, database access and the security of your data.
Set out your terms and conditions
One of the most important steps in preparing for GDPR is writing a set of terms and conditions for your candidates to read as they need to know exactly why you want their personal data and what it is going to be used for. You should detail why you are storing their data, how you will store it, how long you will keep it for and their access rights to their data.
Assign a Data Protection Officer
It would be a good idea to either employ a Data Protection Officer or alternatively assign one internally in the business to take control of the processing of personal data but this can depend on the size of your company and how much data is processed. It is not essential to every business but would be a step in the right direction to ensure there is someone there to monitor compliance and be the first point of contact for supervisory authorities and for individuals whose data is processed. Your DPO can also ensure that the whole business is working from the same system/CRM as it can prove difficult to meet the GDPR requirements if people are working from different databases.
By undertaking these methods, you will be able to prepare not only yourself but your agency as well for the arrival of GDPR. This is absolutely vital to any business to prevent the risk of fines from the ICO. If you’re still in the process of expanding your knowledge and want to know more about how GDPR will impact recruitment specifically and what you can do about it, then try downloading our whitepaper for more detailed information.
If you would like to find out more information on the itris data management consent tool then please call our sales team on 01892 825 820 option 3.
Additional resources: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr
Disclaimer: Anything stated or suggested in this blog post does not form the basis of any legal advice and we suggest that you seek your own as we are not legal professionals.