GDPR and recruitment: Upping the stakes on privacy protection for candidate Personal Identifiable Information
Barely a week passes without some news of a major information security incident. Recently, we’ve had ransomware attacks exploiting the ageing population of Windows XP computers that are still being operated by the creaking NHS, and media and entertainment giants like HBO, who really should be locking things up better, being blackmailed over stolen episodes of Game of Thrones which are yet to be broadcast.
However, across the globe, information security is set to get a shake-up. On 25 May 2018, GDPR, or formally the European Union General Data Protection Regulation (EU-GDPR) comes into force. It is one of the most significant changes to the regulatory frameworks which govern business practice for many years.
Ostensibly, GDPR is a legislative instrument aimed at protecting privacy and the rights of individuals in regard to how Personal Identifiable Information (PII) is controlled and processed by businesses and public bodies. While this may seem to be of benefit mainly to citizens, it is actually a very strong premise from which to build a universal security framework.
Adhering to the framework enables businesses to achieve a better standard of security and helps to promote a more consistent approach to information security. For recruitment agencies this means greater confidence when sharing information with clients and supplier organisations as well as delivery partners and other third parties.
Following the framework also means the processes that support achieving compliance become embedded. The GDPR is designed to provoke a change in culture, and it doesn’t just include IT security measures and the practice of technology staff; it includes each and every user of business technology in your recruitment firm.
A good way to get a handle on GDPR is to consider the following key points about the legislation.
Recruitment businesses hold important and valuable information about significant numbers of people. In fact, with the exception of medical records, recruitment firms often hold some of the most valuable personal information that individuals possess.
If, address, phone numbers and email seem like run of the mill pieces of data, DoB, educational achievement, professional qualifications and accreditations and work histories certainly are not. Then, there may be copies of passports, driving licence and immigration documents.
And it’s not just the information your agency holds. It’s also about what data you share and who you share it with. The GDPR requirements around obtaining permission to process data, data breach notification and the penalty system are going to focus minds across the business world.
The best advice is for all recruitment firms to take control of preparing for GDPR as soon as possible. With the GDPR set to enter force on 25th May 2018, some might be forgiven for wondering: “Why the rush to take control of it now?”
However, there are no quick fixes to GDPR compliance. The best approach is a comprehensive assessment of where your recruitment business currently stands on IT security. Engaging with a good IT support company that is able to audit, identify gaps and work out how to get you to where you need to be to meet the GDPR standard is a good approach.
ETZ is developed and hosted from cloud infrastructure operated in line with ISO 27001, the internationally recognised standard for information security. Where appropriate, our systems will be updated to meet any changes to the standard required to accommodate GDPR.
“Thanks for all your work, I really appreciate it…as you know, there are a lot of suppliers out there who promise the world but delivering it is another thing! But..."Twain Henry-Lucas
“If we had stuck with the system we used 2 years ago we would have needed 4 or 5 extra staff to deal with the extra administration that comes with..."Glyn Lloyd
The best way to see ETZ is with a quick online demo. We’ll show you how you can reduce paperwork and save up to 85% of your agency’s back office processing costs.
Click the button below and book your demo or if you can’t wait give us a call on
0800 311 2266 and talk to our friendly team.