WHAT DOES GDPR MEAN FOR RECRUITMENT?
General Data Protection Regulation (GDPR) is on its way. A new piece of EU legislation, GDPR will be introduced on 25th May 2018 and applies to all. It will replace the current Data Protection Act (DPA) and seeks to unify data regulations within the EU whilst giving people greater control over their personal information. Even though GDPR is an EU initiative, Brexit will not affect its introduction in the UK.
If you store data about people, you are responsible for its safe keeping and security as well as ensuring the right people have access to it. You also need to apply the necessary control over how you share this information with others. It is now that you should evaluate what data you need to collect for recruitment and what data you need to cleanse.
Key elements that will affect your recruitment process:
- Rights for individuals under the GDPR will include subject access, having inaccuracies corrected and having information erased.
- Individuals have the right to not be subject to a decision that is based on automated processes unless you have their explicit consent. They have the right to appeal these decisions. If you use automation in any part of the recruitment process you must seek consent and be transparent about what you are doing and the criteria you are applying.
- Your privacy policies will need to be updated to incorporate the new things you need to tell people such as your legal basis for processing their data.
So, what do you need to do?
1. Be accountable - take responsibility for your data cycle.
2. Review your existing policies and procedures.
3. Justify the use of obtaining data through consent.
4. Make your policies and privacy notices transparent.
5. Respect the right to be forgotten.
6. Work with your suppliers and partners and see what they can do to make you compliant.
7. Make someone responsible for data protection.
What happens if you are breached?
Article 31 of the GDPR states,
"In the case of a personal data breach, data controllers shall without undue delay and where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority unless the personal data breach is unlikely to result in a risk for the rights and freedoms of natural persons/individuals".
The definition of a data breach is something that causes harm to people because their personal details are compromised. It does not necessarily mean harming the integrity of the business or loss of finances.
Matt Armstrong, Managing Director, Giant Group
Practical HR and Giant Screening work in Partnership to bring clients the very best in employment screening and on-boarding.
For more information on GDPR FROM PRACTICAL HR, please call 01702 216573.