On 25th May 2018 the European Union General Data Protection Regulation (EU-GDPR) comes into force. It is a game-changer and one of the most significant shake-ups of information security for many years. The GDPR applies to any organisation or business, world-wide, that processes the information of EU citizens.
As the UK is set to leave the EU, the UK government is writing the GDPR as a legislative instrument into UK law. This is necessary to harmonise data security standards across Europe, avoid barriers to trade and preserve security information sharing to combat crime and terror.
At first glance, the chief organising idea behind the compliance framework seems to be protecting the rights of individuals and empowering us all to have greater control over our personal information. For example, under GDPR, one of the cornerstones is that we can ask to see the data organisations and businesses hold about us and ask them to delete it, if we so wish.
To provide the ability for organisations to manage data so that they can execute such requests, GDPR creates a robust information security framework and in turn a safer, more secure digital information environment. And beyond software, systems and best practice, it promotes a cultural shift in attitudes towards treating personal data more appropriately and with greater respect.
At its heart, GDPR makes organisations and businesses which collect and process personal information more accountable and responsible for multiple aspects of handling data, including:
Recruitment firms hold some of our most important personal details, in the shape of CVs containing educational and employment histories, qualifications and accreditations, and copies of passports and driving licences. Add in the results of psych tests or other selection methodologies, and it is likely the majority of individuals would want to see very high standards of data security in place. Indeed, perhaps the only data that many would attach a higher privacy value to would be financial information, including access to accounts and medical histories.
Image information such as CCTV footage, and biometric data such as fingerprints and DNA enable individuals to be recognised; widespread use of iris and retina scan identification may be the stuff of sci-fi, but it is unlikely to remain so forever. The whole issue of privacy is set to intensify in line with the mushrooming of data and the need for security.
When a candidate or a contractor applies for a role, inevitably, at some stage in the selection process, personal information is shared. Once shared, what protocols govern how the organisation or business that receives the data protects, stores, uses, processes and shares the data?
To gauge the level of preparedness across the UK recruitment sector in relation to GDPR, we conducted two short online surveys. Firstly, to get the view from the inside, one survey was aimed at recruitment firms. Secondly, to get the view from some of those closest to the issues, we surveyed contractors and temps.
1. Have you heard of the GDPR (General Data Protection Regulation)?
2. Do you have a good understanding of the importance, if any, of GDPR for recruitment agencies?
3. Does your agency have in place an IT or information security policy?
4. Do you control access by agency staff to CV and candidate contact data using secure passwords or other security measures?
5. Do you engage with 3rd party firms, such as clients, on the assumption that IT security, confidentiality and privacy is a primary consideration?
6. Do you use IT service providers to look after any of your systems, or software vendors to provide cloud applications, such as an Applicant Tracking System, ATS?
1. Are you satisfied recruitment agencies always handle your personal data in a way that protects your privacy?
2. Have you ever felt a recruitment agency misused details in your CV or contact information?
3. Are you satisfied with recruitment agency timesheet and payment processes?
4. Have you ever been paid late because of delays in processing paperwork or timesheets?
5. Have you ever missed a credit card, rent, mortgage or other debt repayment because an agency paid you late?
6. Do delays to payment affect people’s attitudes to work, their employers or productivity?
7. If a recruitment agency has its data stolen, is it the fault of the companies that provide its IT services or make its software?
8. If a recruitment agency has its data stolen by an internet hacker, is it fair to blame the agency?
9. Is it fair to blame the agency if your data was stolen by an ‘insider’, someone employed by the agency?
10. Have you heard about GDPR, the new data security standard?
There is a significant opportunity for many recruitment firms to exploit GDPR to obtain competitive advantage.
The opportunity provides the chance to explore the potential for: