The GDPR, or more properly the European Union General Data Protection Regulation (EU-GDPR), is now upon us. The time for talking is over. (Finally!) Recruitment agencies across the world, including those based outside of the EU that actively hire European citizens, have been making preparations.
For some it’s been going for at least two years. It’s now time to see how two things are going to unfold. Two important measures of success are:
There are two facets to this. Generally speaking, there are companies that are internet ‘giants’ or other businesses that have triumphed in the digital age, primarily as a result of how they use data. And then there is everyone else.
Those that have conquered with data and tech have frequently been pushing the envelope when it comes to operating within the rules. These companies have frequently tested existing legislation. They have also created their own policy-based frameworks which set out what they do and how they do it.
This is most often seen as dozens of pages of user Terms and Conditions, which few people read (except perhaps lawyers!) and which, when you check the box, effectively mean you have signed away your rights and the company cannot be held responsible for… well, just about anything.
This fast-and-loose approach has also seen some exploit the borderless internet, as well as tax haven loopholes through the use of complex corporate structures.
These companies need to drastically alter their approach. Their policies and behaviour need to change to reflect compliance with GDPR. For some, the changes may not quite be ‘existential’, threatening their survival, but they do mean they need to have a serious re-think. This needs to extend to respecting that PII always belongs to the individual and not the organisation.
Perhaps the most obvious example here is the way Facebook’s existing policies on data retention of Personally Identifiable Information (PII) and the GDPR cornerstone of ‘the right to be forgotten’ need to be brought together.
For everyone else, the requirement is to make sure that they simply have the systems in place to abide by the compliance requirements. If GDPR is a success it will achieve two very worthy aims:
With the GDPR framework, recruitment agencies achieve a better standard of data security.
This promotes a more consistent approach to information security. Agencies enjoy greater confidence when sharing candidate PII with clients as well as in their collaborations with supplier organisations, delivery partners and other third parties.
Clearly GDPR is only going to stick and have the desired effect if the Information Commissioner’s Office (ICO) demonstrates that it is going to come down hard on companies that are guilty of compliance failure.
New legislation often produces big legal cases where courtroom battles test the regulatory framework. For big companies that lose a legal challenge to GDPR, a potential fine of €20m or 4% of group annual global turnover (+ legal costs!) may help to focus them on how they need to modify their approach.
ETZ is built and operated using best practice derived from all applicable regulatory standards, including GDPR. Our recent development of the platform has included a complete review to ensure that all the necessary changes were built in, so that recruitment agencies that run their back office with us are GDPR compliant.
If you haven’t done so already, it’s a good idea to check that any other third-party technology suppliers are able to give you the same guarantee!