GDPR – General Data Protection Regulation. The acronym is starting to get regular press coverage, particularly in connection with its impact on financial services, insurance, investment management and other heavily regulated markets. These organisations are already looking at the potential ramifications of this new EU legal framework that will hit our shores in May 2018, even after the British vote to leave the EU.
One industry that will potentially be massively affected by the introduction of GDPR is Recruitment. Recruitment companies hold personal data on thousands of individuals within the EU: Date of birth, home address, contact information, passports, bank details, limited company details, national insurance numbers and so are a real hotbed for personal data. As a recruitment company that operates across Europe, we are going to fall under the GDPR regulations, whatever the outcome of Brexit negotiations and the fines for non-compliance can be substantial. Interestingly, despite the potential impact on the industry, a search of both the REC and APSCO websites (the professional bodies governing the recruitment market) returns zero results under GDPR. Why is that?
At Church International, we are here to look after the best interest of our clients and candidates alike. Part of that is being aware of new regulations such as IR35 to be able to offer guidance to both sides of the recruitment fence when needed. GDPR is no different. Candidates are already wary of providing sensitive and personal data to 3rd party companies such as us. They are concerned that a passport copy may be on a system that is open to attack. A simple CV has personal data that can be used in conjunction with other information to falsify a personal profile.
As a provider of specialist Information Security and Data Protection Consultants, we wanted to ensure that we were as prepared as possible for the enhanced data protection measures required by GDPR so have started to introduce changes to the handling and storing of data in line with the proposed requirements of the regulations. This has had the added benefit of helping us better understand the challenges that face our Clients with their own compliance projects.
Keep an eye out for my blog on how the recruitment industry, in general, proposes to handle GDPR and how the regulations work in the real world of recruitment for Church International.
If you are a client looking at the implication of GDPR on your organisation or a consultant with experience of GDPR I would be interested to hear your thoughts on how the regulations will affect specific markets. You can contact me on 01622 620713, email me at firstname.lastname@example.org or uk.linkedin.com/in/simonlongchurchint
Senior Consultant – Information Security and Data Protection
Click on a social media icon below to share and make a comment