GDPR Basics: What Recruiters & Global Companies Can Expect Hiring in the EU

Watch our on-demand GDPR webinar. Dive into GDPR basics for the recruiter and what they need to know. Click here to watch on-demand

The GDPR, the European Union’s General Data Protection Regulation, has been called the biggest shakeup in the history of online privacy regulations, and recruiters and others who work in talent acquisition should pay attention to it. When it goes into effect on May 25, 2018, a set of regulations designed to enforce the rights of individuals in Europe with respect to the processing of their personal data will come into play. It will affect all companies that deal with personal data, recruiters included. Even non-EU-based companies that process personal data of individuals in Europe may have to comply.

What has prompted the GDPR? Data privacy concerns have led a number of governments and regulatory agencies around the globe to enact new legislation aimed at safeguarding individuals’ rights over personal data about them. The most notable example is the EU General Data Protection Regulation (GDPR), which imposes new obligations on businesses that collect and process personal data, including the data you collect from applicants as part of your recruiting process.

What is GDPR?

So what exactly does the GDPR mean? It was designed as a replacement for the current Data Protection Directive 95/46/EC with the purpose of reconciling country-specific and sometimes conflicting European data privacy laws. As such, it will apply directly in EU countries replacing their national laws. Most importantly, it aims at changing the way organizations operating in the EU, or those collecting personal data from the individuals in the EU, approach data rights at large and privacy in particular. It also provides greater harmonization of the data protection regulations throughout the EU, thereby making it easier for non-EU companies to understand the rules for compliance.

The personal data that the GDPR aims to regulate includes consumer information and, more importantly for talent acquisition leaders, candidate information. The GDPR fundamentally changes the way recruiting teams engage candidates in EU countries in the areas of resume and application storage, candidate data collection, employment branding activities, and candidate sourcing strategies.

But before we get into GDPR recruiting specifics, note that compliance is mandatory for many global organizations that process personal data about individuals in the EU. Failing to comply could result in severe penalties of up to 4 percent of the organization’s worldwide turnover or EUR 20,000,000, whichever is higher.

The GDPR includes a stringent data breach notification requirement: the organization controlling the data must notify the regulatory authority unless it can be shown that the breach is unlikely to result in a risk to the rights and freedoms of the individuals the data concerns. This notification must generally be given within 72 hours from the time the breach is discovered.

When the personal data breach is likely to result in a high risk to the rights and freedoms of individuals, the organization controlling the data is also obliged to communicate the data breach to the data subject “without undue delay”. Imagine the chaos that might ensue if a candidate is in the middle of an application or hiring process: the candidate opts out of having their data stored, leaving recruiting teams, their organizations, and the recruiting technologies that support them to move quickly.

How GDPR Impacts the Modern Recruiter

Today’s recruiters depend on candidate data for every aspect of their job, from sourcing to onboarding. GDPR makes the recruiting process not impossible but certainly more challenging. Most successful recruiters are also data management (and mining) pros. Because data collection is at the heart of recruiting, it’s imperative that recruiters are knowledgeable and prepared, and that they know the right kind of processes to create and questions to ask in support of their candidate data storage efforts. All this needs to happen very quickly, since the GDPR becomes enforceable on May 25, 2018.

We’ll outline what needs to happen in order to comply with the new legislation, and what will change with regard to data collection, in the second and third posts in our GDPR series.

*DISCLAIMER: This article is intended for informative purposes only. It does not constitute legal advice regarding the GDPR or any other matter, and may not be used or relied on for such purposes. You should seek the advice of competent legal counsel with respect to any particular fact pattern or issue.