Is your recruitment agency ready to take on the EU general data protection regulations?
GDPR is an evolution in data protection, not a burdensome revolution. It is an opportunity not only to ensure that you are compliant with the EU general data protection regulations but also to distinguish your recruitment agency from your competitors by showing that you are a trusted brand that really cares about its clients.
The General Data Protection Regulation is not the only legislation we need to take into account when referring to data protection. There is the Data Protection Act 98, which, like its replacement GDPR, was a very generalist regulation. In 2002 a new directive, the ePrivacy Directive, was issued; we called it the Privacy and Electronic Communication Regulation, or PECR (PEC Regulations). In legal terms this is known as Lex Specialis, a specialist set of rules, in this case covering email and fax.
PECR is to be replaced by the ePrivacy Regulation, which was planned to be put in place in May 2018, but this has been revised to come into force in May 2019, and we wait to see what this will mean.
Are you confused? You are not alone.
For a few months and even years there have been seminars, conferences and workshops by the ICO, which has issued consultations for guidance on consent. This has led to lots of debate, with lots of experts often contradicting each other!
This means lots of grey areas…
Organisations need to think carefully about the actions they need to take in order to work towards compliance. In the event of a breach, the ICO is likely to favour those that can show they have taken steps and have a roadmap to ensure they are General Data Protection compliant.
According to the ICO Annual Track report 2016, 57% of adults think businesses are not transparent in their use of data, and few adults agree that they have control over the data that these businesses hold. This is contrary to the Recruitmyjob.com offering: we take our data protection seriously and allow you to amend or remove your data at any point.
Here are the 6 key principles of Data Protection under GDPR. Personal data shall be:
- processed lawfully, fairly and in a transparent manner in relation to individuals
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
- accurate and, where necessary, kept up to date
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage
It is clear that if privacy were guaranteed, more people would be prepared to share their personal data, and fewer people would hide their data (or put false answers in!). Think: do you always fill in registration forms honestly? If you do, do you ever stop to ask, "Why are they asking me that?"
That’s what we want, isn’t it? Every organisation needs data, and we need that data to be true and accurate in order to ensure that we can derive value from it.
But if you trust the brand, you will tell them everything, perhaps more than you intended to. Look back at your Facebook posts: you have most likely shared a lot more information than intended, purely down to the fact that Facebook is a global brand that we all trust to a certain extent.
Here is what marketing agency Havas had to say about trust and brands:
Havas Media Groups for meaningful brands Index
“Consumers are drawn to brands with an original story, an engaging identity and a clear commitment to deliver what they promise. Authenticity is about unambiguous brands with meaning and sincerity, which allow consumers to feel safe in the choices they make. And, importantly, ensuring that what brands promise and what customers actually experience are in sync.”
Below is a summary of the lawful bases for processing under the EU General Data Protection Regulations. Note the keywords in bold, which you should work towards to ensure you are GDPR compliant.
- (a) the data subject has given consent to the processing of their personal data for one or more specific purposes;
- (b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
- (c) processing is necessary for compliance with a legal obligation to which the controller is subject;
- (d) processing is necessary in order to protect the vital interests of the data subject;
- (e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- (f) processing is necessary for the purposes of the legitimate interests pursued by a controller, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child. This shall not apply to processing carried out by public authorities in the performance of their tasks.
In summary, as a recruitment agency holding a wealth of data that is core to your business, it is essential that you have been given consent by the client or candidate, with a clear indication that this data is to be used in pursuit of a legitimate interest.
If you are a client looking to connect with meticulously vetted recruitment agencies, or a recruitment agency dedicated to delivering the best candidates, then Recruit My Job is the platform for you.