Pop Quiz! What Rights Do Candidates Have Regarding GDPR?
If you handle data (email addresses, names, photos, medical information, i.e. anything that identifies a person), if you collect candidates’ information, if you have a public facing career site, you are (or should be) very well aware of what today, May 25th, marks.
I’ll give you a hint. It starts with a G and ends with an R. No it’s not a guitar or a grasshopper or even your grandmother. But it is GDPR.
You might be thinking, “I don’t live or work in the EU, so this doesn’t apply to me.” Well you’re wrong.
While GDPR focuses on the data of EU citizens, companies with a career site on the world wide web and those who source and hire candidates across the globe, are affected by these implications.
As of today, the new regulations are being enforced which means you have to be GDPR compliant or else you will face hefty fines; €20 million or 4% of your global sales, whichever is higher.
But before you panic, let’s look at the facts and how you can resolve any gaps you currently have.
Changes to the Regulation
Increased territory: Any data controller or data processor who holds EU citizens’ information will endure GDPR’s consequences if they do not handle that data properly.
Higher penalties: €20 million or 4% of global sales fines.
Clear consent is required: If any data will be collected, it must be clearly stated what type of information and for what purpose. Then the data subject can either allow or deny consent.
Right to access - when a candidate requests for it, he/she can receive the information a data controller and processor has on them in an electronic format
Right to be forgotten - candidates are entitled to have their data erased and any further processing of information must be halted
Right to data portability - candidates can take the information one controller has on them and transmit it to another
Alright So Now What?
If you don’t think you’re in the clear, here are a few basic things you can set up today if your career site is collecting vital and personally identifiable data.
Integrate notification banners requesting consent like this one:
Appoint a Data Protection Officer in your company to handle all data requests to help you properly comply with GDPR. They should become the internal champion and expert.
If a candidate asks you to delete their data, do so immediately without question.
Check out some of these resources for any further clarification including this website that allows you to search companies and find out their GDPR compliance status.
We covered this topic in this webinar that you can also download a recording of, Talent Acquisition Leaders, Are You Ready for GDPR? Plus, we are having another webinar coming up at the beginning of June, GDPR is Here: What You Should Expect Now to go over everything you need to know going forward even while you’re GDPR compliant.