Relationship with Data: Mythbusting GDPR and Compliance [A Recap]
The following article is an excerpt from the Best of Bullhorn Live 2017 (now Engage London 2018), the premier global staffing and recruitment conference series. It recaps highlights from a session led by Gareth Cameron of the ICO (Information Commissioner’s Office)—the authorities on GDPR. Gareth discussed practical strategies to prepare for GDPR in 2018, common myths and misconceptions, and the specific elements that must remain top-of-mind for recruiters.
The announcement of General Data Protection Regulation (GDPR), and the remaining time before it goes into effect, has been met with concern from all companies operating in the European Union (EU). But GDPR compliance is further complicated for recruitment agencies that manage data and consent not just from customers but also from thousands of candidates.
Garreth Cameron from the ICO, the authorities on GDPR, gave an engaging talk on how the ICO will be the UK’s supervisory authority under the GDPR. He discussed practical strategies to prepare for GDPR in 2018, common myths and misconceptions, and the specific elements that must remain top-of-mind for recruiters.
Recruiters need to be able to demonstrate they use people’s data appropriately and fairly.
As the digital space has matured in the last 20 years, so has the need for recruiters to mature their data collection and processing transparency.
According to Garreth, only one in five UK adults trust people with their data. This has massive repercussions for recruiters. If only one in five people on your CRM and mailshot databases are trusting, then what does this mean for recruiters come May 2018?
Fundamentally, it’s about regulation trying to aid growth. Trust and confidence is crucial, and transparency and accountability is key.
Key GDPR Steps for Recruiters
Garreth gave recruiters some practical tips on what to focus on during the next few months of planning for GDPR:
- Understand what’s going on in your business.
- Understand what information you have, what you’re holding, and your storage/processing policies.
- Communicate to your “subjects” (candidates and clients).
- Understand your legal justification for processing others’ data.
- Do you transfer data overseas? If so, research what the recipients of that data have as their policies and procedures.
Debunking Typical GDPR Myths
Garreth debunked some of the GDPR myths he heard over the last six months and revealed the truth behind them.
Myth One: Consent is not a silver bullet
If someone consents to you storing their data, that doesn’t mean you can do what you like with it once you have it. Check that they understand what they’ve signed up for, and that you understand what you actually have permission to do.
Myth Two: The ICO is waiting for 25 May and then they will unleash hell
Fining everyone four percent of their global turnover and destroying the market is not on the ICO’s agenda! Garreth assured the audience that they will not do this. Enforcement action is expensive and time-consuming. They prefer to help organisations get it right.
Myth Three: There a grace period for GDPR
There is not a grace period.
Myth Four: There is no GDPR guidance
There is plenty of guidance. The ICO have 90 pieces of guidance to help businesses and use social media and newsletters to keep organizations informed.
Garreth’s final piece of advice for recruitment leaders: “This is a fast-moving, positive regulation. Stay on top of what’s happening, look for opportunities, and prepare your business.”
Looking for more insight on how to best prepare your agency for GDPR compliance? Learn more about what it is and how it impacts recruitment agencies.