With shadowy organisations building voter profiles using Facebook data obtained under allegedly deceitful means and secretly filmed meetings of bond villain type characters, the Cambridge Analytica story has for the first time made the subject of data protection anywhere interesting for many people.

However, in recruitment we are much more aware of data protection issues, having had warnings and offers of advice arriving in our inbox from all angles. In fact you may think that there is not much about GDPR left to know. 

What is not well known is that the General Data Protection Regulation (GDPR) was born from the European Union's ‘Digital Single Market Strategy’, published in May 2015 and originally conceived to encourage small and medium sized businesses (SME) to trade across borders within the EU by standardising and simplifying what where local national data protection regulations. But many SME are claiming that GDPR contains such onerous data processing responsibilities and risk of enormous fines that the appetite for wider business communications will in fact be suppressed, not enhanced. 

Paradoxically, it’s the SMEs without the IT budgets of the multinationals who will struggle to ensure every customer record has been acquired, held and if necessary deleted, as the GDPR prescribes. 

In addition, the email spam that is one of the worst features of the modern digitally connected society will not be wiped out by the GDPR as it often originates from outside the reach of the EU or is sent by unlicensed or fraudulent senders who have little concern about compliance with GDPR.

The recruitment industry is likely to be hit particularly hard with its proliferation of small or even ‘one-man-band’ operations who are simply unable to dedicate the time to GDPR compliance when it risks them not servicing the clients who are their lifeblood. Many larger operators have decided that deletion of majority portions of their candidate databases is the only safe solution, meaning that those candidates will not be contacted for opportunities in the future unless they register again. Those who prefer not to be offered opportunities on a speculative basis will be happy, but it will surely suppress the total number of placements and therefore overall recruitment industry value going forward. 

Engage Technology Partners was set-up to provide an end to end recruitment solution that joined together end hirers, recruitment agencies and candidates all on one cloud platform. Transfer of personal data was therefore one of the major original considerations and we have found that our approach offers significant opportunities to the agencies who are concerned about meeting the GDPR compliance requirements. Our investment in systems to automate candidate registration, collection of identify documents, and management of reporting to tax authorities has included the facility for candidates to self-serve their own personal records. In addition, it has built in compliance with GDPR rules which determine how long and under what circumstances candidate’s personal data can be held.

Many business owners have speculated that the current ICO’s 400 staff will be insufficient to handle a possible deluge of complaints when GDPR comes into force. That number could well increase if Facebook ever does breach GDPR – the maximum fine applicable based on its turnover would be £1.1 billion!

Contact Drey on 020 8068 2900 for more information on how Engage can help you becomes GDPR compliant.

Engage Technology Partners