Recruitment agencies are essentially data-driven businesses so it stands to reason that any changes to data protection laws are going to have a significant impact. Even though GDPR does not come into effect until May next year, it is time to sit up, take notice and get prepared.
Here we drill down a bit in to the topic by looking at a 6 point plan of action that can be implemented now to ensure that you will be well on the way to compliance with GDPR come May 2018:
1. Appoint a data protection officer
Having one person to spearhead your strategy for GDPR means that your plan of action is centralised and can be rolled out consistently across your organisation.
2. Review current DPA and privacy policies
3. Map out your risk areas
This is all about identifying the personal data you hold, where it came from and who you share it with. Record how and where you currently store, process and collate candidate data.
4. Simplify your data management
Much like appointing a data protection officer, centralising how you hold and manage your data will make complying with the requirements of GDPR much easier.
5. Publish your candidate terms of engagement
The key thing here is clarity and transparency. Put together a clear set of terms and conditions of engagement for candidates, documenting how you store, use and share their data, and their rights to access and deletion.
6. Document your data breach procedure
Under GDPR, all businesses must report data breaches to the ICO. It is good practice to have documented guidelines for how any potential data breach is investigated and reported.
Liquid Friday’s certified GDPR practitioners are available to help agencies get GDPR-ready.
We can work with your data protection officer and in-house teams to identify your risk hotspots then review and update your current policies and procedures for the collecting, handling and storing of data.
Click on the link below to request a call back from our GDPR assurance team or take our survey to see if your business is ready for May 2018.