General Data Protection Regulation
With The EU’s General Data Protection Regulation (GDPR) having been implemented a year ago on 25th May 2018, the implications that the businesses have witnessed in the way they collect, process, store and share a candidate’s data are profound. We at Quantic have adapted changes in processes to establish absolute compliance with the new guidelines laid out in this law.
With the threats of massive fines looming over businesses, absolute transparency and candidate’s consent is prioritized when sourcing candidate data.
So what are the primary takeaways from GDPR for recruiters?
The GDPR’s framework lays down some key directives that directly impact the daily work of recruiters and their coordinates.
- A legitimate purpose to use data– According to the GDPR the data can be collected only if the intent is proved to be ‘specific, explicit and legitimate.’ GDPR also states that once data is extracted lawfully, it must be relevant to the purpose it intends to serve.
- Intent to use data must be made clear: This implies that only if a candidate appears qualified for a specific job and as a recruiter you wish to contact him within 30 days, his data can be sourced. Scope for building a talent pool for later use does not exist anymore.
- Consent to process sensitive data must be sought from the candidate: To use any data that has been acquired and saved, the recruiters have to mention the specific purpose for which the data will be used. This is imperative especially in case of vulnerable, non-professional details such as biometrics, gender, cultural or ethic belongings of a candidate. A complete disclosure of the candidate’s options and rights to withdraw (even in case of previously given consent) data must be made known to him.
- Data transparency while processing data– A candidate holds the right to access the data that has been provided to the recruitment agency. All data controllers must therefore enable a framework using which candidates can move, copy or transfer their data for their ‘own purposes’ across a variety of IT systems.
Moreover, the candidate must have the freedom to edit or delete data to remove any anomalies or even restrict further use of it.
- Responsibility of compliance rests with the recruiters:In event of a breach being detected, the onus of the fail rests on the shoulders of the recruiters.
What does GDPR mean for candidates?
Quantic recognizes GDPR as a paramount move towards benefitting candidates and safeguarding their personal, as well as private information.
- It gives candidates the right to ‘be forgotten’– Should a candidate express the desire for his personal data to be deleted, under the guidelines of the GDPR, the recruiter has one month from the date of request to identify all the places where the candidates data has been stored and remove it.
- Candidates have the right to view their data– Candidates have the right to access, edit and delete any data that the recruiters might have. In compliance with the GDPR, the recruiting firm must furnish the candidate with an appropriate electronic document of the candidate’s data and must make relevant changes within one month of candidate’s request.
Quantic Global is GDPR compliant. Continuing with our commitment to be a trusted business partner for both clients and candidates, we ensure that all our data is stored, collected and used cautiously.