ETZ recruitment information security survey: Nearly one-fifth of UK recruiters may not be ready for GDPR

Uncovering attitudes and practice for information security

Whether we like it or not, the last 20 years have seen the rapid growth and penetration of digital internet connected technologies in to so many facets of work and life. However, the security of such technologies seems inconsistent and many vulnerabilities exist, which are exploited by cybercriminals, hackers and fraudsters. This begs the question: Is something wrong with our approach to securing data and our attitudes to information security?
However, change is coming. In May 2018 the European Union General Data Protection Regulation (EU-GDPR) comes into force. This game-changing data privacy legislation applies to all companies worldwide, including recruitment firms.
Recruitment agencies hold some of our most personal data and there have been a number of high profile data security breaches of global recruitment brands, such as Monster.com and Michael Page. However, it’s not just hackers breaking in and stealing data. The widespread practice of a recruiter taking a client contact database when leaving a firm was successfully prosecuted in 2017 by the Information Commissioner’s Office (ICO).

GDPR awareness and importance – survey responses and findings

To better understand attitudes, practice and how well prepared the UK’s recruitment companies are for GDPR, we conducted two short online surveys. Firstly, to get the view from the inside, one survey was aimed at recruitment firms. Secondly, to get the view from some of those closest to the issues, we surveyed contractors and temps.
One of the key findings of the survey arose from the responses to two questions:

• Have you heard of the GDPR?
• Do you have a good understanding of the importance, if any, of GDPR for recruitment firms?

By their own admission, 10% of the recruitment business owners and managers we asked had not heard of GDPR. 19% admitted to being unaware of whether GDPR was of any importance to recruitment firms.
This means almost one-fifth of recruitment firms may not be ready for GDPR, and it suggests recruitment industry bodies and trade associations should do more to close the gap and help agencies get up to speed.

More results and findings from the ETZ information security survey

Some may take the view that GDPR is simply more bureaucracy and red tape. However, on the flip side, rather than an increase in the compliance burden, the GDPR is actually a positive force for change. In essence, it can be leveraged as an opportunity.
Preparing for GDPR involves reviewing technology. Extending the review to include business processes and understanding how to automate and streamline administrative functions is a logical step which may uncover synergies between security and efficiency.
You can see all the survey results and analysis and get suggestions for how to prepare for GDPR by downloading the full survey report, ‘How ready for GDPR are the UK’s recruitment firms?’ here.
 
Photo Credit: image courtesy of descrier.co.uk / Flickr