7 THINGS RECRUITMENT AGENCIES NEED TO TAKE INTO ACCOUNT REGARDING THE GDPR CHANGES

Thursday 15 February 2018

It should be relatively easy for recruitment agencies and payroll providers to adapt to the changes if they are already compliant. This is because GDPR is a replacement and enhancement of the existing Data Protection Actand most of the personal protection information remain, fundamentally, as they are now.

When businesses take time to understand the legislation they will realise that they already have many of the necessary processes and policies in place. However, it is still vitally important that customers, suppliers and service providers communicate effectively with each other so that one is not exposed by the failings of another.

The lack of guidance from the ICO on GDPR has resulted in many businesses not understanding the practical implications of failing to comply with the new legislation and therefore not taking any corrective actions or making significant costs engaging with an external advisor.

When working with agencies, I found that a key issue is based around consent and ensuring that they (usually the data controllers) have the consents to move the data through the supply chain. Most of the other changes can be managed in-house without getting the customers or other service providers involved. Many businesses now will be working out what the changes mean for them, however I think that over the next few months, more guidance and advice will be published by the ICO and therefore more businesses will implement their plans to ensure compliance.

OUR ADVICE WHEN TRYING TO BECOME COMPLIANT WITH GDPR

My advice for businesses is to undertake a risk assessment to determine the proportionality of the response. This legislation is of particular importance for recruitment agencies as where data is used simply to perform a contract, businesses need to ensure that the individual, the data subject knows exactly how the data will be used and has consented to that use. This cannot be viewed as a quick fix for May 2018, this is an on-going obligation and agencies need to work towards long-term, robust and manageable policies and processes so as not to get caught out in the future.

Ultimately, this legislation is a positive one as it has been introduced to protect contractor’s data, however they could potentially get irritated when service providers go to them for stronger, more positive, consents.


By Victoria McDonnell

Get in touch

Please select your type of enquiry:

Brookson on Twitter