General Data Protection Regulation (GDPR), on 25th May 2018 has replaced the erstwhile Data Protection Act to unify data regulations in Europe, putting more control in the hands of the people to protect their personal information. This new regulation will bring about a significant change in the way the organizations collect and process personal information. According to the European Commission, personal data can be any information relating to employees private and public life ranging from an email address to bank details to posts on the social media platforms. Unlike the Data Protection Act, GDPR regulation apart from within the EU region is applicable for organizations based outside of EU and holding personal data of EU residents.
Recruitment agencies via the recruitment process collect a lot of personal information of a candidate and often share it among HR departments of various companies across the board. The unrestricted dissipation of information, with the inception of the GDPR act, will be severely affected as the onus will now be on the information collectors to apply necessary controls over the flow of information and would be made accountable to any unapproved disclosure or retention of personal information.
Let’s take a look at the key elements of the recruitment process that might be affected by the introduction of GDPR:
- First and foremost, it would require a major overhaul in the privacy policies of an organization as they will have to incorporate the directives setup by the GDPR act. It would also mean that the recruitment agencies and the HR department would have to justify the utility of the data ascertained and must make their policies and privacy notices transparent and take responsibility for the data cycle.
- Companies will have to come to terms with the “data to be forgotten” reality. Individuals will now have the right to ask for their personal data to be erased from the system at any point in time, without any questions asked.
- The individuals have been vested the power to safeguard their personal data and have the right to extract all the data withheld by the data processors. It was quite common for recruiters to have personal information downloaded from job boards or Linkedin on their personal handheld devices but with GDPR, the data acquired from these sites would need consensus in processing the personal information.
- Most of the recruitment platforms are powered by automation tools like the ATS in sifting through workforce database. With GDPR, the recruitment agencies will have to make sure that the automation tools are compliant and are designed to hold log trails of the data manipulation. The automated tools should have an inbuilt log system which has every permission message pertaining to data usage timestamped from various candidates and employees.
The new GDPR directive gives employees and candidates greater control over their personal data and makes the company more accountable for any breach of personal data. This not only will make the candidates experience quite enriching but will also lay the foundation for a more effective and efficient way of running the business.