GDPR

A guide to GDPR

The main idea with GDPR is to give individuals more control over their personal data. Have you considered how the changes can be used to your advantage? By embracing GDPR you can make important updates to your data handling that will improve credibility and give your business an edge over your competitors.

The General Data Protection Regulation (GDPR) is a set of data compliance regulations that were introduced back in May 2018 to replace the Data Protection Act, which is currently used as guideline for businesses when handling personal data. Whilst most agency owners will already be familiar with the DPA, there are a few crucial changes involved in the migration to GDPR that impact on the recruitment sector.

The biggest impact that GDPR is having on recruitment is that as of May 2018, candidates either have to give explicit consent for their personal data to be collected/stored in our databases, or recruiters must be able to demonstrate that they have a legitimate interest to store that data, within 30 days of being stored.

Candidates also need to be informed of how and where their information will be used, and have the right to ask that their personal data be deleted at any time. GDPR compliance is all about showing intent and taking responsibility for your data. Implied consent is no longer sufficient under GDPR – if you’re not able to prove that the candidates on your database have been actively engaged with your brand within the time stated in your data retention statement, you’ll need to remove them from your database.

If you’re using consent as your legal basis for storing candidate data, it’s likely you’ll have to update your Candidate Agreement to comply with GDPR standards for consent, meaning you’ll still have to reach out to everyone on your database and give them the option to re-opt in.

Last updated