Back to Blog

Relationship with Data: Mythbusting GDPR and Compliance [A Recap]

by on

The following article is an excerpt from the Best of Bullhorn Live 2017 (now Engage London 2018), the premier global staffing and recruitment conference series. It recaps highlights from a session led by Gareth Cameron of the ICO (Information Commissioner’s Office)—the authorities on GDPR. Gareth discussed practical strategies to prepare for GDPR in 2018, common myths and misconceptions, and the specific elements that must remain top-of-mind for recruiters.

The announcement of General Data Protection Regulation (GDPR), and the remaining time before it goes into effect, has been met with concern from all companies operating in the European Union (EU). But GDPR compliance is further complicated for recruitment agencies that manage data and consent not just from customers but also from thousands of candidates.

Go to the GDPR Hub for recruitment resources

Garreth Cameron from the ICO, the authorities on GDPR, gave an engaging talk on how the ICO will be the UK’s supervisory authority under the GDPR. He discussed practical strategies to prepare for GDPR in 2018, common myths and misconceptions, and the specific elements that must remain top-of-mind for recruiters.

Recruiters need to be able to demonstrate they use people’s data appropriately and fairly.  

Recruitment is about relationships and increasingly about data, and data is the key to business success.
Garreth Cameron ICO

As the digital space has matured in the last 20 years, so has the need for recruiters to mature their data collection and processing transparency.

According to Garreth, only one in five UK adults trust people with their data. This has massive repercussions for recruiters. If only one in five people on your CRM and mailshot databases are trusting, then what does this mean for recruiters come May 2018?

If you want to derive the value from GDPR, think about how you go further than simply the GDPR legislation.
Garreth Cameron ICO

Fundamentally, it’s about regulation trying to aid growth. Trust and confidence is crucial, and transparency and accountability is key.

Key GDPR Steps for Recruiters

Garreth gave recruiters some practical tips on what to focus on during the next few months of planning for GDPR:

  1. Understand what’s going on in your business.
  2. Understand what information you have, what you’re holding, and your storage/processing policies.
  3. Communicate to your “subjects” (candidates and clients).  
  4. Understand your legal justification for processing others’ data.
  5. Do you transfer data overseas? If so, research what the recipients of that data have as their policies and procedures.

Debunking Typical GDPR Myths

Garreth debunked some of the GDPR myths he heard over the last six months and revealed the truth behind them.

Myth One: Consent is not a silver bullet

If someone consents to you storing their data, that doesn’t mean you can do what you like with it once you have it. Check that they understand what they’ve signed up for, and that you understand what you actually have permission to do.

Myth Two: The ICO is waiting for 25 May and then they will unleash hell

Fining everyone four percent of their global turnover and destroying the market is not on the ICO’s agenda! Garreth assured the audience that they will not do this. Enforcement action is expensive and time-consuming. They prefer to help organisations get it right.

Myth Three: There a grace period for GDPR

There is not a grace period.

Myth Four: There is no GDPR guidance

There is plenty of guidance. The ICO have 90 pieces of guidance to help businesses and use social media and newsletters to keep organizations informed.

Garreth’s final piece of advice for recruitment leaders: “This is a fast-moving, positive regulation. Stay on top of what’s happening, look for opportunities, and prepare your business.”


Looking for more insight on how to best prepare your agency for GDPR compliance? Learn more about what it is and how it impacts recruitment agencies.