GDPR and the impact on YOU!
February 23, 2018 – As of May 2018, all EU employees will have more authority to decide what happens to their personal data within the organization they work for.
On the 25th of May 2018, the GDPR (General Data Privacy Regulation), intended to strengthen and harmonize data protection for all individuals in the EU, will be implemented to reshape the way organizations across Europe approach data privacy.
What does this mean for organizations?
Organizations need to consider different “consent” aspects (freely given, specific, informed, unambiguous) before processing personal data in the context of employment, as GDPR stresses the existence of a “clear imbalance” between data subjects and data controllers. Therefore, organizations need to consider these key aspects:
- Establish purpose for processing the data
- Make sure to have procedures in place that allow employees to exercise their rights
- Provide a data processing notice
- Include employees’ data when performing the DPA or when developing plans
- Legitimate interest of the employer
What does this mean for recruitment firms?
GDPR does not necessarily mean that recruitment firms will need to revamp their whole process, but it will have a significant impact on their recruitment processes nonetheless, as they are dealing with a lot of private data. These are the areas affected by GDPR:
- Processes: How you collect, store and use a candidate’s data during a recruitment process
- Data Management: Transparency on where your candidate data is being stored
- Documentation: Candidates need to be aware of any changes to the original documents
Recruitment firms will need to clarify their internal processes in order to prepare for the upcoming regulations.
What does this mean for employees and candidates?
Employees, at their respective organizations, will be kept informed of what is happening with their private data. Candidates will feel safer knowing how their CV is documented, where it is stored and who it is exposed to. There will be increased communication between HR, employees, and candidates, creating a standard of transparency. The intention of the organizations will be clarified and documented, thus providing employees and candidates with a sense of security.
To conclude, the fines of up to $20 million or 4% of the annual turnover (whichever is higher) for non-compliance seem high, but the purpose of the GDPR is to provide transparency and accountability and to put EU citizens first. With that being said, organizations should generally treat employees’ data as they would their own.
© Avoras – People and Technology