GDPR for Recruitment Agencies – Everything You Need to Know
In May 2018, one of Europe’s biggest data and security laws was put into effect, changing the way that recruitment agencies handle data. The General Data Protection Regulation (GDPR) imposed new rules for companies and businesses to follow when storing and using the personal data they collect. It was implemented to give the public more control over how their information is managed online.
Recruitment is an industry that is constantly handling personal data, and you’re likely to have been affected by these new regulations. From editing your privacy policy to altering how your client or candidate data is processed and stored, ensuring GDPR compliance remains an incredibly important part of any recruitment business.
Whether you’re new to these regulations or are looking for more advice on how GDPR affects your recruitment agency, we’ve put together this guide of everything you need to know about GDPR for recruitment.
N.B. We are not a legal practice, so no information here should be taken as legal advice; these are just guidelines on the current state of play!
Contents
- When did GDPR come into effect?
- What is personal data under GDPR?
- What are the penalties for failing to comply with GDPR?
- What does GDPR mean for recruitment?
  - Candidate Consent
  - Legitimate Interest
  - Candidate Access to Data
  - Data Transparency
  - Accountability
- How to Ensure Your Recruitment Agency is GDPR Compliant
  1. Read up on GDPR
  2. Map your data
  3. Review your sourcing process
  4. Review your job application process
  5. Establish a clear data policy
  6. Check the compliance of external systems
  7. Create a data breach procedure
- Summary