The GDPR – How will this impact recruiting?

The General Data Protection Regulation (GDPR) comes into force on 25th May 2018, but the question is, is your organisation ready for it?

The aim of the GDPR is to give EU citizens more control over their personal information when it is in the hands of an organisation. It is highly likely that your organisation will be affected as the GDPR applies to any organisation that offers goods or services (even free ones) or observes the behaviour of EU citizens. If you want your recruiting to carry on as normal from May 2018, you need to take steps now to ensure that your organisation is compliant.

How can you ensure that your organisation is compliant?

It would be easy to panic about the GDPR, but as long as you have processes in place to comply with the existing Data Protection Act, you will be well set up to be compliant in May 2018. It is important to note that organisations will not only have to be compliant come May 2018, but will also have to demonstrate continuous compliance. A failure to comply could mean, at worst, a fine of up to 4% of annual turnover or 20 million Euros. To be compliant with the GDPR, your organisation will need to have:

  • Governance practices in place
  • Communication processes
  • Risk controls for maintaining compliance

Will this impact your recruiting?

· Data management – In order to monitor how data is being collected, stored and used, you will need to store all candidate and client data in one place. You will also need to be able to provide an audit trail for the GDPR. From initial candidate contact, you will have to show how their data was collected, what form of consent was given for use of that data and ultimately how it was used.

· Process – It would be helpful to map out your current processes for data collection and processing, as this will give you a clear idea of what needs to change to be GDPR compliant. Under GDPR it will be less appropriate to speculatively contact a job seeker who has posted their CV on a job board, so you should wait for the candidate’s permission before using details from their CV.

· Documentation – All documentation must be clear, for example any documents used in the induction of candidates must seek consent and specify how their data will be used. Giving consent for your data to be collected and processed should be unbundled from other terms and conditions, as under the GDPR people should be able to withdraw consent without detriment.

· Right to withdraw – GDPR states that a person should have the right to withdraw consent at any time. It should be as easy to withdraw it as it was for the data subject to give it. The person giving the data must be informed of their right prior to giving consent. You need to act on withdrawal requests immediately.

Is GDPR the end of recruiting as we know it?

No, definitely not, provided your organisation reviews its current processes and puts the relevant ones in place, with individuals in roles such as Data Protection Officer to oversee them. It may seem like a lot of extra work now, but it will be worth it to ensure that you are GDPR compliant and avoid a hefty fine! Take action now and early next year you’ll be watching others scrabble around to put processes in place, whilst those perfect candidates roll through your doors.


To speak to an expert in recruitment marketing:

Please email or call us on 01483 719020.


Enhance Media
