So it's been two months since GDPR came into play, and the tidal wave of consent emails barraging my inbox from websites I haven't visited since the days of Myspace seems to have come to an end. Every site that I click through to now has a privacy notice pop-up that I have to acknowledge, and sometimes a cookies pop-up too! Even my job and the way we work in our office have changed, but it's all for the better.
As a Recruiter, you and your data are how I make my living, so making sure your information is treated in the right manner so that we can keep hold of it is of extreme importance. After all, I can't just fill all of my jobs with randomers I met in the pub on a Friday night, can I?
In case you're not familiar, or you have been living in a cave with no access to the internet for the past two years, the EU parliament passed the General Data Protection Regulation (GDPR) in 2016, and it went live on the 25th May 2018. The regulations were created to regulate how companies protect and process your data.
GDPR gives you control over your data and simplifies the regulatory environment for businesses by bringing them in line with the EU laws. It supersedes the Data Protection Directive created in 1995.
In the GDPR regulations, there are 99 separate articles setting out the powers of individuals and obligations placed on organisations covered by the law.
There are eight rights for individuals listed in GDPR. These include giving you easier access to the data companies hold about you, an array of hefty new fines for companies that can go up to 20 million euros or 4 percent of annual global (note, global!) turnover, whichever is higher, and a clear responsibility for organisations to obtain the consent of the people they collect information about.
The GDPR massively expands the definition of personal data. Among the types of data organisations now collect about you, online identifiers such as your IP address now qualify as personal data. Other data, like economic, cultural or mental health information, is also considered personal information.
Any information that counted as personal data under the Data Protection Act also now qualifies under the GDPR rules. GDPR also gives you "the right to be forgotten": you can request that your data be deleted and withdraw your consent at any time.
Now that the regulations have come into play, and it's been a couple of months, we can already see the effects first-hand every day. Some say that it won't be long before a major company is handed a hefty fine, and everyone is trying their hardest to make sure they are in line with the rules. For some people this is making web browsing a nightmare; no one wants to spend all day clicking on privacy notices that come up on EVERY SINGLE WEBSITE every time you visit it.
Companies have spent months, even years, preparing for GDPR because the consequences of breaking the regulations can and will be severe. The ICO lists any action that it takes on its website, and some quite hefty fines have already been handed out, some of which are in the hundreds of thousands. You can find out more on the ICO and the penalties here: https://ico.org.uk/action-weve-taken/enforcement/
Facebook was caught up in the backdraft of the Cambridge Analytica scandal in early 2018 and had a narrow escape, as it was only fined under the Data Protection Act because GDPR wasn't live. It was charged the maximum fine of £500,000, which would have been much higher under GDPR law.
At Employment Solutions, we have brought in a straightforward and practical set of procedures to ensure that we meet regulations and remain compliant going forward. Every candidate is asked first-hand for verbal consent, and this is logged with a note added to their file to show the date and time it was given. This is followed by an opt-in email offering various options and levels of consent. If no consent is obtained or you request that we remove your information, your data is then purged from the system.
You can trust that Employment Solutions are treating your data correctly and will continue to do so!
What have you and your company done to ensure you stay compliant and how have you found it?
What are your thoughts on GDPR as a whole?