You must now ensure that you are GDPR compliant.

What is GDPR?

The data protection landscape is changing. The General Data Protection Regulation (GDPR) is the biggest single change in data protection legislation. The new legislation, which came into effect on 25th May 2018, enforced a concept called, 'Privacy by Design'. This involves building a Privacy Framework, in which your company is obligated to demonstrate how you are accounting for all the privacy and security obligations which the GDPR will mandate.

Change to shared liability

The GDPR introduces shared liability between parties, and the recruitment process is a strong example of where commercial liability under this new law will be found. Under the new legislation, as a recruiter you will share 100% of the liability with your clients should any data breach occur during your handling of any client or candidate data.

With significant reputational risk at stake, as well as hefty fines of up to £16m for data breaches under the GDPR, clients are acting to protect themselves. There has been a significant increase in activity involving contract re-alignment by large enterprises, whose legal teams are clearly aware of the danger of non-compliant suppliers. Commercial advantage will be gained by those who comply with this challenge, by offering a GDPR compliant proposition to their clients.

Explicit Consent and personal data

Social media has expanded, and personal information is more readily available. Recruiters, for example, have utilised this data to engage proactively with individuals in order to create substantial CV databases, to find the right candidate. The GDPR demands explicit consent for all forms of initial interaction with any potential candidate, irrespective of how publicly available this information is. This includes LinkedIn, so the way organisations use personal information moving forwards will change radically under GDPR. SynergyGroup's GDPR advisory partners have 'real-world' experience of how to resolve this in a pragmatic AND commercial way.

Brand Protection

GDPR is more about brand protection than data compliance. Under new powers the Information Commissioners Office can audit and demand databases are deleted, rendering your company inoperable. Every organisation now has a responsibility to put plans in place to protect themselves and their clients as of 25th May 2018.

The compliance process can take many months, there’s no time to lose.