GDPR: how has it changed recruitment

Posted on 5/07/2018 by Eliza Mould


Author: James Warren | European Managing Director 

It’s now been over a month since the new General Data Protection Regulation came into effect, forcing EU-based businesses (as well as all other businesses handling data from EU residents) to rethink their data handling and storage policies.

Of course, with significant changes from the now defunct Data Protection Act (1998) — most notably the removal of the ‘negative opt in’ option — GDPR was naturally worrisome. Not only did the directive hold the potential to completely transform recruiting in 2018, but it also called into question the legality and ethics of standardised recruitment processes. In the run up to implementation, GDPR was met with a great deal of negativity, but now that we’re one month in, what’s the general feeling? 

Well… confusion! 

Within recruitment specifically, confusion is rife. A prime example is the use of messaging apps on company-owned devices. As we know, recruiters all across the world are beginning to adopt new technologies and utilise digital communications networks to facilitate candidate engagement. However, software such as WhatsApp, which accesses user contacts, is currently something of a grey area. Without the explicit consent of each contact stored in the phone book, can these apps be used by businesses? 

There’s also the issue of emerging blockchain technologies, which hold the potential to completely revolutionise accuracy and verification within recruitment, and facilitate better, speedier, and more solid hiring practices. The entire basis of the blockchain — an ‘always on’, tamper-free ledger — is called into question under existing GDPR clauses; is it right, or is it wrong, to maintain and store information?

Nothing is particularly clear. Still.

Even big names like Google are being open about their struggles to ‘make sense’ of GDPR, with the company’s Business & Operations President Matt Brittin publicly claiming that much of the legislation was confirmed far too late in the game for businesses to comply before the deadline. Google still appears to be in a bit of a spat with privacy activist Max Schrems over whether or not their collective terms and conditions are GDPR compliant, or whether each term needs to be a separate entity. 

GDPR Confusion

Part of the confusion stems from the fact that many have reported not receiving adequate GDPR training in those vital few months leading up to implementation of the new directive. Another part of the confusion stems from the fact that many small businesses simply don’t have the available budgets to enable them to fully understand — and indeed fully implement — necessary changes for compliance. A company offering privacy management software reported 10,000 new enquiries during the first 2 weeks after GDPR came into force, suggesting that many businesses have been struggling to become compliant.

Understanding GDPR

The good news is that GDPR is a definite learning curve, and the longer the directive is in place, the clearer the rules and regulations will become. In terms of recruitment, HR teams and recruitment agencies must turn their focus to the way they store, hold, maintain, and use candidate data and employee data, for both permanent jobs and contract jobs. This includes considering any third party vendor with access to this data, such as health insurance companies, pension firms, and so on. 

For employees and job candidates, it’s about knowing your rights; the right of access to copies of information, the right of rectification, the right of restriction, and the right to complete control over personal data. 

GDPR encourages a new and more crystal clear way of working, which is something we are huge advocates of.