Autem vel eum iriure dolor in hendrerit in vulputate velit esse molestie consequat, vel illum dolore eu feugiat nulla facilisis at vero eros et dolore feugait

Tag Archive

How will GDPR impact your recruitment process?

The General Data Protection Regulations (“GDPR”) is a new set of European regulations that will overhaul existing Data Protection laws and come into force on 25th May 2018

The regulations are going to have far reaching consequences for how business look after their personal data, and to enforce these new regulations GDPR will also allow for significant fines for companies who breach these new rules.

Recruiters especially should make sure that they are transparent when processing candidate data during hiring. They should also ensure candidates can exercise their rights under GDPR.

When sourcing CVs

When asking candidates to send in CVs, you’re asking for personal information. Whether this is via a job board, an employment website, or directly via an email, you need to provide information on how the data will be processed (or used), how long it will be retained for, and if the data they shared with you will be transferred overseas (if, for example, you have multiple offices).

You will also be required to provide more information around how an individual can determine if you hold data on them, how they can check what this, how they can rectify the data it if is incomplete or wrong, and how they can enact their ‘right to be forgotten’. 

Security for CVs

Once you have received the CV, you will need to ensure you have a secure process that covers the storage of electronic documents with personal information. This may be in the form of recruitment or HR software, or in password protected files. You will also want to review who is able to access these, and for how long they are kept.

You should also be reviewing your document management systems. Agencies may make you agree to destroy copies of CVs or personal data, but the individual who sent in the CV may also make requests to find out what data you hold on them and amend or remove their data from your system. 

Erased, rectified, restricted or not processed

Under GDPR workers will have extended rights so, in addition to a right to inspect personal data held about them, workers may be able to insist their data is erased, rectified, restricted or not processed at all. Combined with a much tougher enforcement and penalty regime for non-compliance, businesses who ignore GDPR tread a very thin line. 

By understanding more about how GDPR will impact your business, you can negate any negative impact, and help potential employees reap the benefits of feeling more secure when they give their personal data to your company.

If you need help and advice regarding GDPR, please do not hesitate to contact me or the employment team on 0113 350 4030 or at hello@scesolicitors.co.uk.

If you would like to be kept up to date with employment law and dispute resolution updates, please subscribe to our monthly newsletter.

SCE Solicitors is a boutique employment law and dispute resolution practice based in Leeds which advises clients nationwide.  Please note that the information in this blog is to provide information of general interest in a summary manner and should not be construed as individual legal advice. Readers should consult with SCE Solicitors or other professional counsel before acting on the information contained here.