GDPR, Simply Supply and You
By now, most companies will have heard of the new General Data Protection Regulation (GDPR) changes coming in May 2018, and this is going to have a particular impact on the recruitment industry.
That’s why this month we wanted to share with you how GDPR is going to have an impact on how we work. But before we begin, we wanted to shed some light on what GDPR is, and how it’s changing from the current Data Protection regulations.
What is GDPR?
General Data Protection Regulations, or GDPR, is a system that has been designed to protect the personal data and privacy rights of all citizens within the European Union. The new regulations will bring the UK into line with the current rules governing countries including Germany, Canada and Australia.
What impact will this have?
Currently, recruitment companies who use personal data for marketing or put candidates forward for a different role don’t need to gain express permission from each candidate.
However, when the new regulations come into force, candidates must now give explicit consent for their personal data to be collected and used. For example, if the recruitment company thinks you may be suitable for a role, they have to provide you with the vacancy details, and gain your permission, before your CV is submitted.
How will GDPR change the way we work?
Consent and Processing
Traditionally, the recruitment agency has processed application and CV submissions with implied consent. The process included:
- Storing the data relating to the CV
- Sharing the CV or data with companies with a possible role
- Emailing job opportunities to the applicant
However, when GDPR comes into force this will change. Consent can no longer be presumed; a candidate must expressly give it before their CV is passed on.
Here at Simply Supply, we already work to this process. Before any applicant information is passed onto a School or Nursery, we speak to the candidate before putting them forward for a role.
Updating candidates Contract of Service
Another important aspect of GDPR preparation is amending candidate contracts of service. This process will develop a clear, transparent, GDPR-friendly set of candidate contracts of service. This will give all candidates the understanding of how their data is stored, and why it’s needed.
These new contracts of service should include:
- How the candidate information is stored
- How long this information is stored for
- What rights the candidates have to access their data
- Should it be requested, the candidate data will be removed
- Why the data is being stored
Over the coming months, we will be updating our own terms and conditions and will keep you updated on the process once it’s finalised.
Setting up procedures for a data breach
Now, this isn’t exclusive to the recruitment agency, all companies will have to set up a new procedure for a data breach. If a data breach should happen, then the local Information Commissioner’s Office (ICO) should be informed within 72 hours.
Under the current regulations, the ICO does not have to be informed, but GDPR changes this completely. We believe this to be a good thing, as it helps to protect our candidates and clients personal information.
Enhanced data security
In the run-up to GDPR, we’ll be implementing measures to ensure that all our client and candidate data is protected by enhanced security. These include:
- Encryption of personal data, including pseudonymisation of information
- Regular backing up of data in the event of data loss or a data breach
- Regularly assessing, monitoring and improving our security measures
- Full removal of any personal data once it’s no longer needed
- Undertaking risk assessments to negate data breaches
So there we have it, our summary of how Simply Supply will be preparing for the new GDPR regulations. Remember, if you’re unsure about anything that you’ve read in this article, then you’re welcome to get in touch with us to discuss it in more detail.