5 commonly asked Questions about how GDPR impacts Recruitment Consultants…
- Gerard Conway
- Feb 12, 2018

Get a pen and paper, we are getting serious about how this could affect your recruitment business...
1. Question:
Confidentiality is largely assumed but essential to trust within the recruitment world, so from the perspective of a recruiter with privacy as a brand value looking to comply with data protection regulations, what would you consider to be their priorities?
Cahoots Answer:
The EU’s General Data Protection Regulation has made privacy a priority in all industries, but for recruiters, while discretion has always been a tacit given, respect for candidates’ private information is now a mandatory requirement. Protection of data and privacy is about people and process, and the implications of GDPR are as much about understanding your business as they are about understanding its obligations. A niche, specialist recruiter will have different processes to a large agency, but in either case there need to be established working practices that enable transparency around privacy. Recruiters must first understand what data is considered private – not just names and addresses but employment, payment and medical records and so on – then learn where that sensitive data is, what systems are holding it (for example, your Human Resources Information System (HRIS)), who is accessing it and for what purpose it is being used. Do not assume you know where all your data resides. And if you no longer need it, ditch it by the May 2018 deadline.
2. Question:
Under the GDPR, data controllers (those capturing it) and processors (those processing it) are responsible for protecting privacy. How do you think recruiters and employers can minimize risk and cost whilst maximizing data’s value to benefit their brand?
Cahoots Answer:
The intention of the GDPR is to protect individuals’ rights to privacy, regardless of who is handling their personal information. Once recruiters know where sensitive data resides, it’s about assessing risk and implementing policies, procedures and technology to ensure best practices that reduce risk to privacy, and their brand. The GDPR gives legal backbone to the concept of Privacy by Design with “the principles of data protection by design and data protection by default.” In a digital world, trust is as important as ease of connectivity in the battle to attract talent. Designing privacy into a process has some overhead, but once in place it could be a differentiator. Candidates feel good about employers who have great technology, but they also value great data privacy standards, and recruiters who can demonstrate their commitment to Privacy by Design as they embrace digital innovation and the cloud are likely to experience greater loyalty in return.
3. Question:
In the recruitment world, CVs are the currency that moves between different parties as the hiring cycle progresses. One of the clearest expressions of the GDPR’s reach is as we see the positive opt-in for the use of personal data; candidates give permission for their personal information to be shared in line with their expectations, but meeting their expectations is now essential, not just ethical. What advice would you give to organisations looking to reduce their liabilities and comply in this area?
Cahoots Answer:
This one is as dependent on the right technology as people and process. Recruiters need to set up processes that gain explicit opt-in from employees regardless of the systems they use. Every organisation gathering, storing, and sharing employee data must have a clear method of communicating and obtaining this permission and make sure it is honoured wherever personal information flows and throughout its lifecycle. There’s also the Right to be forgotten, and again, clearly articulated intentions and intuitive controls create the confidence necessary for the candidate trust and loyalty that adds brand value. Make sure your privacy policies and third-party contracts are explicit and transparent about the legitimate use and protection of personal information.
4. Question:
What about cloud storage?
Cahoots Answer:
Employee data is spread out across multiple cloud locations in the storage platforms, HRIS, help and support systems, messaging applications and others that are essential for success in our digitally connected world. Under the GDPR organisations are ultimately responsible for what their cloud-based software vendors are doing with personal information, and the steps they are taking to protect it. Please be aware that servers storing data that are held in the US or Canada will not be acceptable under GDPR from May 2018.
5. Question:
From a personnel and recruitment perspective what do you see as today’s biggest opportunity for growth and placement of candidates?
Cahoots Answer:
As well as the myriad data-driven roles the information age has created, compliance with the GDPR has created significant demand for candidates across the entire data privacy ecosystem – widespread and urgent demand from technology vendors supplying compliance solutions and consultancies supplying expertise is driving recruitment initiatives. Additionally, for employers with 250 or more employees there is a requirement under the GDPR to assign an internal Data Protection Officer to oversee meeting the obligations of all GDPR requirements, so there is significant demand for quality candidates who have the “expert knowledge of data protection law and practices” necessary to fit this leadership role.

