The General Data Protection Regulation (GDPR) is an essential EU law that affects organizations worldwide, enforcing strict data protection standards.
What GDPR means for recruiters and HR departments is that any personal data from candidates and employees needs to be handled with the utmost care. All sensitive information needs to be stored and processed securely, such as contact details, salary expectations, and health data with discretion and legality, always securing candidate consent.
Key takeaways:
- GDPR mandates stringent data protection, affecting global organizations, including recruitment agencies and HR departments
- It’s important to prioritize GDPR compliance, carefully managing candidates’ personal data and asking for consent for processing their personal information
- Candidates have the right to access, amend, or request the deletion of their data
- Transparency and compliance with GDPR are crucial for recruiters, impacting their relationship with clients
- Failure to comply with GDPR can lead to significant fines, underscoring the importance of proper data management
A brief history of GDPR
The current EU regulation on data protection dates back to the 1950 European Convention of Human Rights, which declares that:
“Everyone has the right to freedom of thought, conscience, and religion; this right includes freedom to change his religion or belief and freedom, either alone or in community with others and in public or private, to manifest his religion or belief, in worship, teaching, practice, and observance.”
With this in mind, Tribe is dedicated to ensuring that it is GDPR compliant. As recruiters, we receive and use personal data on a daily basis. This is why we handle all data sensitively and discreetly, from submitting candidate CVs to the hiring process.
With good talent management comes good data management. Our data management includes information including, but not limited to contact details, salary expectations, health information, etc. From a legal standpoint, any data we collect is specifically job-related and is from sourced candidates who we intend to contact within 30 days. At Tribe, we ensure that we always receive candidates’ consent to process their data e.g. disability information, cultural, genetic, or biometric information.
Candidate, know your rights!
Candidates have the right to be forgotten, meaning that at Tribe, whenever a candidate asks us to delete and stop processing their personal data, we do just that with no hesitation.
Candidates have the right to access their data and to amend it. This includes requests to ascertain what data we may possess at that point in time. In compliance with GDPR requirements, Tribe grants both requests within 30 days and provides the candidate with a free electronic copy of their personal data.
Recruiters, know your role!
Transparency is paramount – you should have clear privacy policies, and these should be readily available to all candidates upon request
Compliance also extends to your client, as any failure to comply would implicate them. When you join a client, it is advisable that you inquire about their GDPR compliance to make sure that they are up to speed (not all companies are, unfortunately).
It is worth noting that failure to comply has cost some companies hundreds of millions of euros, as shown in the infographic below:
Source: https://www.tessian.com/blog/biggest-gdpr-fines-2020/
Here at Tribe, we have an open-door policy and welcome all candidate inquiries regarding personal data. We are committed to collecting, processing, and storing personal data properly and safely. As responsible recruiters, protecting the data of our candidates is of the utmost importance to us.
Sources: