The General Data Protection Regulation (otherwise known as GDPR) is the EU’s latest Data Protection initiative and will be replacing the current Data Protection Act. Coming into force in May 2018, GDPR will standardise Data Protection law across Europe and will hold companies to account over how they process, handle and store the personal details of their contacts.
For recruiters and other companies that process hundreds of pieces of personal data, getting GDPR compliant is going to take some time – which is why I recommend you start implementing steps towards it now!
The key points of GDPR – what it means for your clients
GDPR not only affords greater protection to your clients’ data, it also increases their rights. Clients will have the right to:
- Access and request their information.
- Clearly know why you are requesting their information.
- Know what you are keeping their information for, along with how and where you’re storing it.
- Request a free-of-charge electronic copy of any information you hold about them.
- Take their information with them, at any time.
- Request you erase all information you hold on them.
- Know if their data has (or potentially has) been breached in any way.
The key points of GDPR – what it means to recruiters and other businesses
So, what does this mean for recruiters and other businesses? It means you need greater accountability and transparency over the data you have access to. For many, it also means you’re going to need to do some clearing, updating and implementing – before May 2018.
Here’s an overview of what you need to do, to get GDPR ready:
Everyone needs to learn about GDPR
The changes that are coming into force are huge – not only in terms of responsibilities, but also implementation. It’s therefore essential that you attend conferences and take training on GDPR now – otherwise you’re going to be desperately playing catch-up further down the line.
You need to have a dedicated Data Protection Officer
This DPO is the designated person in charge of Data Protection and the GDPR implementation. This doesn’t mean it’s their sole responsibility to implement GDPR – it’s every individual’s responsibility – but it does mean they’re responsible for educating and training staff and for implementing the Regulation.
Understand and simplify your processes and systems
Accountability and transparency are big parts of GDPR. You can’t adequately implement GDPR without first knowing the contact points you have with your customers and the processes you’re using to collect their information.
Whether you’re collecting clients’ details through your website, via their CV in person, or through their latest timesheet or pay slip, you’ll have various ways of interacting with your clients and accumulating their personal details.
You then need to have a clear flow of accountability and transparency – how does this process work, who else has this information, and how is it accessed?
Looking after client information
As recruiters, you handle a mass of personal information on a regular basis. Once you have that information you’ll do different things with it – whether that’s storing it in a database, an Excel document or a cloud backup.
Get clear on every process and system you use, because it’s your responsibility to ensure you’re:
- Collecting only the information that’s needed for the purpose.
- Storing it in a safe way.
- Keeping it only for as long as you need it for that purpose.
- Giving customers a clear exit strategy – opt-out clauses etc.
Update your policies
Finally, your privacy policy will need updating to reflect the GDPR changes. This includes adding details of a client’s right to access their own information, along with how to obtain a copy of their details. You also need to be clear on how you store information, as well as details on how they can complain to the Information Commissioner’s Office if they’re not happy with how you’ve handled their personal data.
Getting ready for GDPR now will pay dividends to your business. Recruiters especially handle masses of personal details (from CVs to IP addresses) each week – often passing personal details over to interested parties as needed. It’s your responsibility to ensure you’re being both transparent with, and responsible for, that information – to avoid falling foul of the new regulation and potentially facing an enormous fine. To find out more, check out the official GDPR portal: https://www.eugdpr.org/