How will GDPR affect the recruitment industry?

13 Mar 2018

Candidate recruitment is perceived to become that bit more challenging with the introduction of GDPR on 25th May; however, these changes shouldn’t feel too daunting for you and your business.

Using a GDPR compliant recruitment agency such as Eolas Recruitment to find the right candidates for your vacancies is the ideal way to ensure you meet the compliance requirements specified by the new regulations.

What is GDPR?

You’re sure to have heard of GDPR with only a matter of weeks before the implementation deadline, but you might not be sure what it really means or how it is set to affect your business – including your recruitment processes.

GDPR – General Data Protection Regulation – will unify and strengthen data protection across the whole of the EU. The regulations provide individuals (candidates) with more control than they have previously had over what companies can do with their personal data. Fines for non-compliance and data breaches are considerable.

The regulations will impact any business that collects, processes and uses personal information – with implications for anyone that recruits staff.

Why is GDPR being implemented?

GDPR is intended to increase security and enforce clear legal guidelines across the EU, with the aim of increasing trust in the digital arena.

The new GDPR framework will bring the existing data protection legislation – the Data Protection Act 1998 – up to date with the changing ways that data is now used. The current legislation is out of date as it was established before internet usage and cloud based systems became the norm.

The associated risks of data exploitation – particularly with the proliferation of ‘The Internet of Things’ – should be reduced by increasing the security around data protection legislation, plus stricter enforcement and prosecution measures will be introduced.

GDPR will also establish a uniform legal framework across the EU, with identical data protection laws to which businesses must adhere.

Who will be affected by GDPR?

Two main groups will be affected by the new regulations:

  • ‘Controllers’ of data – those who state how and why personal data is processed. These range from online businesses to banks, charities and even the government – anyone who collects any element of personal data from an individual
  • ‘Processors’ of data – those who actually process the data, such as IT businesses

The regulations specify that even if these data controllers and processors are not based in the EU, they still need to be GDPR compliant as the data they are handling belongs to EU residents.

It is the responsibility of the data controller to ensure their data processor adheres to data protection laws.

What are the implications of GDPR for a recruitment agency?

GDPR will change the way that recruitment agencies gather and use confidential personal information.

Agencies will have to make it clear:

  • How candidates can access their data
  • How candidates can request their data to be deleted
  • How they store candidate data and why
  • How long they keep that data

They will have to update their privacy policy and ensure it is immediately available for clients to read. All the information in the policy needs to be easy to read and understand, with no small print or pre-ticked boxes.

Consent will be fundamental – an agency will have to ask for each individual job seeker’s consent every time they wish to use any personal information. Recruiters will no longer be able to access candidate information from social media channels and platforms such as LinkedIn, unless the candidate has given their express consent for the recruiter to do so.

At Eolas Recruitment, our processes and policies are already fully compliant with these requirements.

Why should I use a GDPR compliant recruitment agency?

The risk of advertising your current vacancies yourself and requesting applicants to apply directly to a job advertisement with their CV is that under GDPR you become the ‘data controller’, with the responsibility for the personal data of each applicant.

The regulations state that, as a data controller, you must keep records of how and where an individual gave their express consent for you to collect their data. You must also adhere to the individual’s right to withdraw their consent to holding their data whenever they choose.

A GDPR-compliant recruitment agency such as Eolas Recruitment will collect CVs, covering letters and other confidential candidate information for you, ensuring the data is stored, protected and maintained in line with the guidelines.

Whilst our intention is not to scaremonger, if you use a recruitment agency that is not GDPR compliant, or you do not use an agency and manage your recruitment yourself and you fail to meet GDPR guidelines, you face:

  1. Severe penalties in the event of a data breach – if you fail to inform the relevant data protection authority within 72 hours of becoming aware of the breach, you face a maximum penalty of 2% of your annual worldwide revenue, or the equivalent of €10 million, whichever sum is higher
  2. Large fines for failing to adhere to the data processing penalties – if you do not obtain consent, or you fail to meet an individual’s rights regarding the use of their data, you could be issued a fine of 4% of your global revenue, or the equivalent of €10 million, whichever sum is higher

Although the regulations may seem daunting, the introduction of GDPR will be beneficial for clients and job seekers alike.

At Eolas Recruitment, we anticipated the regulations coming into force last year, so we engaged the services of a specialist consultancy to ensure our compliance. As a result, we are among the first recruitment agencies to become fully GDPR compliant.

Please feel free to get in touch with us to see how we can simplify your recruitment process ahead of GDPR, using our wholly compliant processes and measures.