Here are the key things you need to know about GDPR!
The General Data Protection Regulation (GDPR) came into effect on 25th May 2018, yet there are many recruitment agencies, and UK businesses in general, that are unaware of exactly what it is, or exactly what they should be doing to ensure they are compliant.
In brief, it is a framework for data protection laws, replacing the 1995 EU directive and, from a UK perspective, the Data Protection Act of 1998. Essentially, it has been put in place to bring together the data privacy laws across the whole of Europe, provide greater protection and rights for individuals and ensure that businesses manage personal information in the right way.
Let’s break it down
7 things you need to know about how you should manage a person’s data:
1. Ensure the individual provides clear and positive consent to use or process their personal data
2. Provide the person with the means to withdraw consent (this process should be as easy as giving it)
3. Make sure they know how their personal information is being used
4. Make sure their personal data is up to date
5. Have a clear and uncomplicated process for transferring their data to another organisation
6. Provide them with the right to be forgotten (deleted)
7. Notify the person of a data breach
3 obligations on businesses to ensure they have secure and effective data protection procedures:
1. Record data processing activities
2. Keep personal data secure
3. Manage Subject Access Requests (SARs). NB. Data must be provided to the individual within 30 days
Can you be fined if something goes wrong?
Whilst there is no need to panic, the short answer is Yes!
For new agencies, fines can apply if a person’s data is not processed in the right way, or if there is a security breach. Whilst fines can be as high as 4% of turnover or 20 million Euros, the approach being taken by the UK’s Information Commissioner’s Office (ICO), which will enforce the GDPR, is to help organisations wherever possible, especially where they show a willingness to implement the GDPR across the business.
What about systems?
It’s vital that the software you use to support your business processes is GDPR compliant. If you are yet to select this type of software, then compliance should be a key element in your decision-making process.
Where can I go for further information and help?
There is a lot of information out there about the GDPR, but the following website is a great place to start: