At the European Job Board Summit on 9th November and 10th November we have a session run by forward-thinking international law firm Taylor Wessing on pertinent legal updates and the upcoming General Data Protection Regulation (GDPR). We are lucky enough to have Stephanie Creed sharing a fast-paced presentation on her area of expertise, the GDPR, and how it will affect all job boards.
Stephanie is an associate in the Employment, Pensions & Mobility group specialising in all aspects of UK employment law, including drafting and negotiation of employment, consultancy and settlement agreements. She has developed a particular niche in relation to HR data privacy issues and GDPR. Stephanie has contentious experience in the Employment Tribunal, County Court and the High Court.
Do you feel confident you understand the GDPR and its implications? Ahead of the conference we share 9 top facts for job board owners about the new regulations.
1. GDPR (General Data Protection Regulation) comes into effect on 25th May 2018 and it will impact everybody working in the recruitment space. GDPR will replace the current Data Protection Act and is a new piece of EU legislation which seeks to strengthen and unify data protection for individuals in the EU, giving them greater control over their personal information.
2. It applies to all businesses worldwide that have access to and process “personal data” of any EU citizen, and even when Brexit kicks in it will still apply.
3. A breach of the new regulations could result in fines of up to 4% of global annual turnover or twenty million euros (whichever is greater), so it’s important to take it seriously!
4. In truth, you shouldn’t be thinking it’s all about fines. It’s about putting the individual first, and frankly we should all want full control over our personal data. In fact, you could consider it an opportunity to build stronger and better relationships with clients and jobseekers.
5. Your clients will be affected by GDPR too so they may have to change how they interact with you. Also investigate your relationships with email mailing providers and any other suppliers through whom you manage data.
6. It is your responsibility to ensure that your business is complying with the new regulations (including via any external suppliers like CRMs that you use), and it’s mandatory to report any data breach within 72 hours of discovery.
7. Here’s a key one: individuals (i.e. jobseekers/candidates) have the right to be forgotten by companies they have given personal details to. They can ask for their personal data back at any given time and you’ll have to do this within one month of the request. Individuals need to be informed of their rights, and their ability to withdraw their permission to access and hold their personal data.
8. Personal data isn’t just CVs; it could include things like IP addresses, cookies and location information. In fact, hardly any personal data will not fall under the regulations – making it difficult for organisations to avoid having to comply with its requirements.
9. Consent is key. YOU have to gain explicit consent to use personal data instead of assuming or gaining implied consent. That consent is time-specific (and people can withdraw their consent once it has been given). So you need to be clear about why you want their details, how you intend to use them, the way in which you will store them and for how long.
At a recent webinar, Stephanie Creed, with colleagues Paul Callaghan and Sian Skelton, discussed what HR professionals with employees in the UK need to be doing to prepare for the GDPR, and introduced the HR Data Privacy products and services that Taylor Wessing has put together to help clients. It’s a nice overview ahead of the summit.