GDPR is not just about protecting personal data

Recruitment businesses will need to demonstrate GDPR compliance

Data protection has always been an issue for any business that holds personal data and, as such, compliance checks have always formed one part of the Standards in Recruitment (SiR) accreditation audit. However, following the introduction of the General Data Protection Regulation (GDPR), due to apply from 25th May 2018, data protection will become a far more prominent area.

“GDPR is not just about protecting personal data, but about demonstrating that protection is in place in line with the principles. As from next May, it will no longer be sufficient to simply have a data or privacy policy in place, organisations will need to implement a whole host of steps including processes for dealing with technology breaches” says John Randall of the independent recruiter accreditation service.

“The new rules are getting a lot of air time and this is only likely to increase. It follows that workers will become increasingly aware of their rights and, due to the need to demonstrate compliance in this area, the issue of damage to reputation in the event of non-compliance is likely to emerge.”

Randall’s observations follow comments of the UK Information Commissioner, Elizabeth Denham, in a recent article in the Financial Times referencing GDPR, in which she said “Data protection is not a back-burner issue any more… Even if there’s a £15,000 fine as opposed to a £3m fine, there’s still reputational damage… [Companies] don’t want to be fined by the regulator, they don’t want an enforcement notice, they don’t want the publicity.”

The SiR process involves an onsite review of practice, in key areas set by industry stakeholders that underpin the compliance credentials of the business concerned. This follows a gap analysis that is designed to help identify areas of non-compliance and lead to improvement.  SiR is the UK’s only independent recruitment accreditation available to all recruitment businesses in any sector.

Randall concluded “Recruitment businesses need to remain attractive to candidates and hirers alike. GDPR requires demonstration of compliance and the SiR accreditation programme is all about this kind of demonstration and adding value to your business. When you consider that recruitment is becoming an increasingly competitive market place, in which reputation will increasingly play a role, the need to meet GDPR makes SiR accreditation even more compelling as a standard for serious recruitment businesses.

Recent Posts