GDPR – 6 Things the recruitment industry needs to know
It’s been 19 years since the Data Protection Act was introduced, and the European Union has set out to give it a makeover with some tough new rules on how businesses should store and use personal data.
There’s no doubt that you will have heard of the GDPR changes that come into effect as of 25th May 2018. The recruitment industry by its nature holds a large amount of personal data, but what does this new legislation mean for recruiters?
General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU).
By now, you should be aware that you need to start preparing for the new regulations in time to safeguard your business against the increased maximum fine. In May 2018, the fine increases to €20 million or 4% of global turnover (whichever is greater).
Since its launch on March 28th last, the Irish GDPR Awareness Coalition has been running a campaign to explain some of the major pain points for specific industry sectors in simple language.
This infographic from the Coalition highlights 6 key points recruiters should explore while getting to grips with GDPR:
1. No Hoarding – All personal data must be deleted after a set period of time, including when it’s no longer used for the purpose for which it was collected.
2. Ask Nicely – GDPR requires explicit consent for data processing.
3. Be Honest – GDPR also requires you to tell someone why you’re collecting their data and how you’re going to use it.
4. Own Up – Data breaches or cyber attacks must be reported to affected parties and the Data Protection Commission within 72 hours.
5. Lock It Up – You must provide appropriate levels of security for any data you store. This includes cyber security software and access controls.
6. Be Accountable – Take stock of the personal data you hold and ask yourself how you got it, why you’re holding it, how secure it is, whether you share it – and for which reasons.
Brendan Long, GDPR