Well, here we are. It’s GDPR day! Things will never be the same again. Doom and gloom.
OK, that’s a bit over the top, but to hear some people go on about GDPR you would think the world was ending.
Today GDPR comes in to force in the UK; however, it’s not the same as jumping over a cliff edge. If you’re not quite up to speed with everything, you’re not going to be facing a fine by 5pm. So take a deep breath and do try to remain calm.
However, if you’re still not entirely sure what impact GDPR is going to have on your business and operations, then it’s definitely time you started doing some research, so you’re not completely caught off guard in the coming months.
For example, do you know what you need to do when it comes to recruitment and selection of employees? Surely GDPR isn’t going to have any reach when it comes to people who don’t work for you?
When you put out a job advert you will be encouraging people to get in touch with you to apply. Obviously, when this happens, you will be provided with various personal information about these applicants. Names, addresses, emails, phone numbers, social media handles etc. You will therefore need to provide them with information on what information you need, why you need it and what you plan to do with it.
You might simply keep the information for the duration of the recruitment process; however, it might be your policy to keep applicants on file for the next round of recruitment you intend to do. If that’s the case, you will need to make it perfectly clear, and obtain their permission. If you plan to outsource some of the recruitment process to an external agency, you will also need to make that clear and obtain permission. Otherwise you are sharing their information without their consent or knowledge. That is a breach.
If you are using a recruiter, then you need to ensure you have a paper trail between you, and the provider, outlining the same information: what data will they hold, why, for how long and what will they do with it.
Once you have employees, what do you plan to do with their information. Assuming you already have staff you will need to go back and look at their employment contracts to see what permission, if any, they have already provided when it comes to the collection of personal information.
In many cases previous consent won’t be regarded as still being valid, as these are often provided on an imbalance of power basis (i.e. sign it, or don’t get the job). It hasn’t always been explicitly clear what employees are agreeing to, and moving forward, this needs to change. Don’t make the mistake of assuming that everything that was in place prior to 25th May is going to be adequate for record-keeping purposes.
Knowing what to do can be complicated, which is why it is vital you seek the right advice for all aspects of your business. If you want to find out more speak to the team at People Matters.