GDPR - it's not too late to start!
With the ‘go live’ date for GDPR looming, the volume of work recruiters need to do to comply with the new legislation can seem daunting. After all, personal data – from our candidates, our clients and our own staff – is at the heart of everything that we do. But one thing is clear: GDPR is happening and it’s here to stay.
In the ever-changing, ever more legislatively challenging environment in which we operate, it’s critical that recruiters have processes in place to ensure that we are compliant. After all, better candidate data makes us a more effective recruitment partner for our clients, and helps us to provide a better service to candidates who are engaged with us, and who want to work with us.
At Outsource, our GDPR project is well under way, and we are using the new legislation as a way to update our existing data protection policies and processes. However, we are also using the project as a way to really look at our data, and see what we can do better. But it’s not too late to get started! We’ve outlined our first five steps towards getting ready for GDPR for recruiters, HR and managers with recruitment responsibilities.
1. Understand the legislation
GDPR legislation is a lengthy legal document which applies to all industries. So the first step is to identify what it means for your business. For us, this has meant working closely with the REC & APSCO, and using the resources on the ICO website.
In order to know how GDPR will affect you, you need to know what data you actually have! So for us, we’ve audited exactly what information we hold, and identified exactly where it all is.
3. Data flows
GDPR legislation contains rules around how you must allow access to, correction of, and deletion of data, amongst many other things! So to enable this, you must know exactly how data is passed around the business, and who has access to it. We’ve produced data flow diagrams of exactly how data moves around our business.
4. Grounds for processing
The legal bit! In a nutshell, in order to process data under GDPR you must be able to assign a legal ground for processing data (https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/) to that activity. It’s not all about consent!
A dirty word – no one likes to delete data that may have been collected over a number of years. But if you can’t assign a legal ground for processing, you shouldn’t really have that data, so cleanse, cleanse, cleanse!
Getting started on the above is a good way to start your GDPR readiness journey. And don’t forget – if you’ve been compliant with existing Data Protection legislation this really is just the next step.
Contact us to hear more about our GDPR compliance programme and the support we can offer you. Email firstname.lastname@example.org or call Vicky on 01793 430021. Good luck!