Recruitment agencies are essentially data-driven businesses so it stands to reason that any changes to data protection laws are going to have a significant impact.
Even though GDPR does not come into effect until May next year, it is time to sit up, take notice and get prepared.
We kicked off our blog series on GDPR with an introduction to the regulations and an overview of the main areas of concern for recruitment agencies.
Here we drill down a bit further by looking at a 6-point plan of action that can be implemented now to ensure that you will be well on the way to compliance with GDPR come May 2018:
1. Appoint a Data Protection Officer
Having one person to spearhead your strategy for GDPR means that your plan of action is centralised and can be rolled out consistently across your organisation. If you don’t have the skills in-house, don’t forget you can speak with us. Liquid Friday can be appointed as your Data Protection Officer and offer you a low-cost, high-value service, helping you remain compliant.
2. Review current DPA and privacy policies
If your current policies are compliant with the Data Protection Act (DPA), you shouldn’t have too far to go to meet the requirements of GDPR. Your privacy notice will need to include your legal right to process data, how long you retain data for and how candidates can complain to the Information Commissioner’s Office (ICO). Liquid Friday can work with you on this; we have experts on hand to help you tailor a privacy notice fit for your business.
3. Map out your risk areas
This is all about identifying the personal data you hold, where it came from and who you share it with. Make a record of how and where you currently store, process and collate candidate data.
4. Simplify your data management
Much like appointing a Data Protection Officer, centralising how you hold and manage your data will make complying with the requirements of GDPR much easier.
5. Publish your candidate terms of engagement
The key thing here is clarity and transparency. Put together a clear set of terms and conditions of engagement for candidates, documenting how you store, use and share their data, and their rights to access and deletion.
6. Document your data breach procedure
Under GDPR, all businesses must report data breaches to the ICO. It is good practice to have documented guidelines for how any potential data breach is investigated and reported.
Liquid Friday’s certified GDPR practitioners are available to help agencies get GDPR-ready to ensure ongoing data protection compliance.
We can work with your data protection officer and in-house teams to identify your risk hotspots, then review and update your current policies and procedures for collecting, handling and storing data. Alternatively, our team can handle all the work for you.