GDPR: General Data Protection Regulation or a Good Demonstration of Privacy when Recruiting?
These new Data Protection regulations are a set of rules designed to cover data protection for residents of Europe. All EU citizen data is within scope of GDPR and the Brexit vote does not exclude the UK from these rules. The regulations will be enforced from May next year but many firms have been slow to prepare themselves.
I recently attended a webinar presented by Helen Haddon of ComplyGDPR which altered my thinking somewhat to appreciate the benefits of the GDPR. I have also noticed a slight shift in other businesses and in the media. For example when the new regulation was introduced, initially there was a degree of apathy about how this would affect businesses, particularly in the recruitment world. Then there was fear as the magnitude set in of just how much of a change this is, as well as the significant financial penalties if we get it wrong. The rules allow fines of up to 4% of annual turnover or €20 million – whichever is the higher – enough to destroy many companies. As our understanding has increased, there now seems to be a level of inevitable acceptance and a good old British “let’s get on with it” attitude. Ultimately the GDPR is about people, and as recruiters if that’s not at the heart of everything we do, whether that be clients, candidates or our own employees, well then we’re probably in the wrong game.
So here are my top 5 positives from what I have learned about the GDPR:
GDPR is about people not data and people are at the heart of everything we do.
It’s about time data privacy had a shake-up – the 1998 Data Protection Act (DPA) no longer provides adequate protection in this new, modern world of widespread spam mail, phishing scams and internet fraud. We all need to know that our personal data is being looked after carefully and with respect.
Housekeeping for businesses – there’s never been a better time to review and clean up your data. Out with the old and in with the new!
Increased awareness for individuals – do you know who has your personal data? Make sure you understand what you are giving consent to.
The GDPR is very much about embedding a culture of data privacy into your organisation not about having to invest in fancy software that will manage it for you.
So now I see GDPR as an opportunity. An opportunity to be even more people-centric and to embed healthy, data privacy practices that become second nature to us all. As Helen very aptly summed up – the GDPR is a Good Demonstration of Privacy when Recruiting.