Why change management is key to GDPR compliance

No Comments

GDPR compliance

Big Data is fast becoming the driving force behind many business strategies today— and has arguably affected the recruitment industry more than any other. However, given that the sector is purely based on personal data, every company will be severely impacted by the General Data Protection Regulation (GDPR) regardless of whether they specialise in Executive Search, Contingent, Contract, or RPO.

The GDPR comes into effect in May 2018 and will significantly change and update the data protection rules in the UK. It is therefore vital that recruiters both understand and comply with the new rules, not least because the increased penalties for non-compliance top €20 million or 4% of global turnover (whichever is higher). That said, those who embrace the legislation and seek to drive efficiencies will be richly rewarded.

Designed to safeguard personal information, the GDPR lays out essential requirements all recruitment agencies must adhere to. For example, every individual must give explicit consent for their personal data to be collected and used; they must understand how their information will be used; and all personal data must be destroyed after a prescribed period of time. With this in mind, it would be easy to believe everything related to GDPR compliance can be dealt with by an agency’s legal team. But the GDPR is not just about database or IT security – it’s about change management.

With the GDPR impacting everyone in a recruitment agency, it can’t just be left to the company’s legal ‘experts’. Anyone handling personal data has a responsibility. As a result, everyone involved in the recruitment process should now be assessing what personal data they capture, how it is collected, where it is stored, how it is used throughout the recruitment process, and what needs to be cleansed.

While this can seem overwhelming, with the right foresight and tools, achieving compliance is not only achievable but hugely beneficial company-wide. Just as it’s a given that, for recruiters, the agility with which they can gather and analyse data can give them the edge, reducing costs, improving efficiency and leading to more successful appointments. This skill will also give them the edge when it comes proving consent, enforcing security and sharing, or removing requested information. Which is why all recruiters should put data management, and dashboard solutions, at the heart of their GDPR preparation.

No excuses for not knowing

Any data management process requires organisations to know precisely what data they have. What the GDPR forces recruiters to consider, however, is where they hold every single piece of personal data. Should an organisation suffer a breach, “not knowing” it has unseen data or inconsistencies in the treatment of data, is not a permissible excuse. Taken in this context, the issue of the personal data that all employees in an organisation holds becomes far more complex.  The ability to quickly pull data from various sources into one place, and understand it, is giving professionals more power over their operations than ever before.

Dashboards are fast becoming the tool for planning and preparing for the change the GDPR will bring. And just as dashboards have reduced the time and potential for human error involved, in data collection and management, they serve the dual purpose of providing a detailed picture of all data held subject to the GDPR.

This thorough approach to data management not only offers a great start to GDPR compliance but also the opportunity to uncover and resolve data that is ‘hiding’ throughout an organisation’s network including sensitive information, personally identifiable data and duplicated information.

Five ways dashboards can improve data management for recruiters

1.       Consent

Under the GDPR, there are stricter requirements for consent. Data must be clearly distinguishable, easily accessible, and capable of being withdrawn. Separate consent must also be sought for other processing activities (such as when a candidate has put their details forward for one vacancy and they are then used for an unrelated purpose). Using a dashboard system can help recruiters examine their data processing procedures and assess whether existing consent will still be valid under the GDPR.

2.       Data Portability

Under the GDPR, recruiters must provide individuals with the ability to obtain and reuse the data they hold on them across different services. Dashboard solutions allows recruiters to segment and recall data easily in a consistent format.

3.       Data Security

A key benefit to undertaking a thorough data discovery and management exercise in preparation for the GDPR is the additional security this will bring to an organisation, such as finding ‘hidden’ data and enabling recruiters to ensure all sensitive or confidential data is appropriately segmented and subject to correct security procedures.

4.       Data Sharing

The ability to rapidly and consistently handle requests for information from individuals is crucial for compliance. Addressing this manually is time consuming and costly. By implementing dashboard software, this task will not disrupt day-to-day business, and recruiters will also be ready for exponential increase in requests for data.

5.       The Right to be Forgotten

Under the GDPR, if an individual asks you to ‘forget’ them, organisations are obliged to delete any personal data relating to them where there is no legal reason for its continued existence. This can extend to the sharing of this data with third parties. Putting in place a process that will enable recruiters to rapidly pinpoint and remove this data eradicates a traditionally tedious manual exercise and becomes low-impact to the business. Gaining a single view of active candidates, in real time, also enables recruiters to take a more analytical and informed approach to appointing the right staff.

Of course, these are just the first steps in an on-going process but they are crucial for any recruiter that wants to get it right first time. After all, understanding the type of data that will be affected under the GPDR is one thing. Having to search for where that data is held is another entirely and, without the right tools, one which is almost impossible – and one which becomes a company-wide problem.




More from our blog

See all posts