As of today, February 14th, 2018, there are only 99 days left until the changes to the General Data Protection Regulation (GDPR) are enforced. This means that if you aren’t planning for it by now, you need to get this on your roster of things to do.
In April of 2016, the latest changes to the regulation were approved by the European Union Parliament, enforcing stronger limitations to protect the personal data of European citizens.
While this regulation was passed in the EU, it will affect any company that interacts or does business globally and stores, uses, or distributes Europeans’ personal data. Data classified as “personal” is anything that can identify an individual. This includes but is not limited to the following:
- Email addresses
- Medical information
Here at Phenom People, we are preparing for May 25th when the modifications will be imposed by ensuring all of our clients are GDPR compliant. How are you preparing?
The Influence on Talent Acquisition
Recruiters, you are constantly collecting candidates’ resumes, email addresses, even their computer IP addresses. Here are a few things you need to know if you are exchanging correspondence and holding onto that data.
It’s acceptable to collect the data from your candidates as long as you’re receiving consent from the individual. This means you have given a clear indication that you are requesting their data and are letting them know what the data will be used for. But if that data is misrepresented or handled improperly, it could cost your company massive fines of up to €20 million or 4 percent of the company’s global sales, whichever is more.
If a candidate wants you to delete their data at any point, your company must oblige his or her request and purge their data without any questions asked.
If any breach does occur, it should be reported to all states within 72 hours of its occurrence and the company must notify their customers and controllers immediately.
In order to avoid the ramifications, make sure that you are well aware of how to follow the regulation’s adjustments by checking out their website.
The simplest procedure to guarantee you are GDPR compliant is to explicitly let your candidates know the information you request from them, use that data only as you say you will, show the candidate what data you have on file and how you’re using it if they ask, and delete their data from your records without hesitation if they ask you to.
Keeping this in mind will ensure you are ready for this May!