0330 100 8695 newbusiness@outsauce.net

GDPR In Recruitment – Stay Compliant

The General Data Protection Regulation 2018 (GDPR) will come into force on 25th May 2018.

All recruitment businesses will need to review the points below in preparation for the launch of GDPR if they have not done so already.

  • Assess the impact of GDPR to your business; what processes need to be amended if any, will training be required and is there a cost associated?
  • Ensure all staff understand what qualifies as Personal Data and with whom it can be shared in line with GDPR.
  • Who currently deals with an applicant or candidates’ subject access requests? Will the process  remain the same and are your staff aware of the new time scales and recipients expectations.
  • Is a data Protection Officer required? What steps need to be taken to appoint one if necessary?
  • How will you ensure compliancy going forward?

GDPR will mean something different for recruitment agencies, especially the section regarding explicit consent. In particular, recruitment businesses should understand what their consent mechanism should be. The sooner it is compliant, the more data you can work with.

Here are a few things to consider to ensure your business is best prepared for May 25th:

  • If you outsource any of your back office processes, you will need to confirm what your supply chain is doing to prepare for GDPR and what impact this has on your business and compliance.
  • Sharing candidate data with a third party, whether that be your pensions or payroll provider, employer clients or an umbrella company, is inevitable. To ensure compliance, your privacy policy will need to be reviewed and made available. You should also confirm that this has been completed for the third parties you work with.
  • Is your CRM geared up to ensure your processes; including data storage; editing and subscriptions remain GDPR compliant?
  • Do you have explicit consent to hold the personal data of the all the candidates on your database, both current and historic and how will you receive this going forward?

Keeping Our Clients GDPR Compliant
As an Invoice Finance and Back Office provider to a wide variety of Recruitment Agencies, we have been working with REC and our suppliers to ensure we have completed all necessary checks. In the scenario where we provide services to an agency, we act as the ‘data processor’ as well as the agency. Here is what Outsauce have done in preparation for the new GDPR rules that will come into effect from 25th May 2018:

  • Our Data Privacy Policy has been updated and is available to view on our website https://www.outsauce.net/data-privacy-policy/
  • We are currently auditing of the data we hold, its purpose and how we originally obtained it.
  • Contracts and processes with business partners have been reviewed and understood by our Compliance Manager.
  • Regular data review plans have been implemented to ensure compliance going forward.

Want To Know More?
We will share fresh content on GDPR over the coming weeks to ensure a smooth transition to the new regulations. Our next feature will include the advantages of GDPR and how  it can be  used  as an opportunity to build a secure and quality database.

In the meantime, the ICO website has a 12 step checklist on getting prepared https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/

If you’d like to know more about how Outsauce are supporting Recruitment Agencies through GDPR and beyond contact us directly on 0330 100 8695

St Georges House
13-14 Ambrose Street
GL50 3LG