We brought you an update about the upcoming General Data Protection Regulation at the end of last year, with the date of the regulation coming into force drawing closer. With just under 100 days away, we felt that it would be useful to highlight where organisations should be with planning.
As we mentioned before, it is highly likely that your organisation will be affected as the GDPR applies to any organisation that offers goods or services (even free ones) or observes the behaviour of EU citizens. If you want your recruiting to carry on as normal from May 2018, you need to take steps now to ensure that your organisation is compliant.
A quick reminder of what you will need to have in place:
To be compliant with the GDPR and be treating your candidate’s personal data with the respect it deserves, your organisation will need to have:
- Governance practices in place
- Communication processes
- Risk controls for maintaining compliance
What should you have in place at this stage?
- Your privacy notice should communicate with candidates about the upcoming GDPR and what you plan to put into place as an organisation to be compliant.
- Your data protection processes should be fully up to date.
- You should have run or be in the process of running an audit on the data you hold – this will tell/have told you where needs particular work.
- This data audit needs to be run on all of the data you hold – even if it is stored by a data warehouse or on the cloud.
- Streamline what data you are collecting. Don’t collect unnecessary data.
- A Data Protection Officer should be appointed.
- Test the processes you have put into place – you will find any weaknesses here.
- Be open and transparent with candidates about what is going to happen and the rights they have over data. Start, if you’re not already, treating their data to the GDPR standard.
If you’re not compliant?
Don’t panic if you’re a little behind – now is the time to get cracking on putting the steps above into place. If you fail to do this, you will have lots of work to do over the next few months and don’t be surprised if candidates start proactively asking you how their data is treated by you. Don’t lose their trust by not being organised.
Let’s not forget that if you are not compliant by 25th May, your organisation could face a fine of up to 20 million Euros or 4 % of annual global turnover, whichever is higher. Don’t let the GDPR get in the way of recruiting excellent candidates, get your data in order now!
To chat to an expert on GDPR within recruitment get in touch today;
Please email firstname.lastname@example.org or call us on 01483 719020.