It is has been almost 20 years since the Data Protection Acts (DPAs) were passed. As technology continues to evolve, business operations and human activities keep advancing. The laws in relation to these activities must keep up with the rate of change.
The European Union seems to have paid attention to this advice and, on May 25 2018, will introduce General Data Protection Regulation (GDPR) legislation which enhances the previous DPAs to keep them in line with the current global technology developments. The new regulations introduce strict conditions on how organizations should manage personal private data.
There is no question that this new legislation will majorly change the way recruiters do their business. Recruitment forms a chief part of most organizations. It manages pivotal information in relation to all the company’s workers. Due to this, individuals involved in processing such information must conform with the regulations governing data protection. Any individual working in recruitment will be aware of the new law and taken some steps regarding the kind of personal data they capture, the procedures they use to collate it, how they hold it and its use it during the recruiting process.
The current work processes in the majority of companies were never planned to be completely compliant with the GDPR. Due to this, recruiters must complete a comprehensive evaluation of their existing work practices, systems and procedures and plan on what will be needed to ensure GDPR compliance before its go live date. Several work practices that currently involve personal data will be deemed illegal and attract huge fines if companies fail to introduce major changes. For instance, a common practice by recruiters like sending a candidate’s CV to a third party without their permission will be a crime punishable by law.
Informed authorization, as enshrined in the GDPR, will be a major headache to most recruiters. Previous practices such as keeping unsuccessful candidates’ CVs for future applications will require re-valuation under the new legislation. Before such a decision to keep somebody’s CV in the company’s file is taken, recruiters will be required to prove the particular consents given by the candidates. All recruiters including Internet based job boards will have to reconsider their consent procedures to align them with the regulatory obligations. The law will prevent recruiters from using personal data without legal permission.
The new law intends to give users more powers and control over their personal data. This requires recruiters’ transparency. The areas of interest include how they gather personal data, reasons for gathering, and their use. The recruiters will have to adapt systems and processes that give employees with access to their personal information. Employees may seek such access under the subject access right to crosscheck their data’s accuracy and give necessary updates. They also have the right to access and confirm the bodies with which their employer might have shared such data.
GDPR will force recruiters and their agencies to keep an audit trail that shows how personal documents such as CVs have been gathered. They will also have to get permission from candidates to use their personal information in any way. In cases where consent is withheld, the law bars recruiters from using subjects’ information. Recruitment agencies must be ready to remove any information when asked to do so by the owner unless it is protected by another law.