The General Data Protection Regulation (GDPR) is a European Union regulation that is soon coming your way and is going to affect the way you process personally identifiable information. No, the implications aren’t limited to just marketing agencies or sales callers, but it will affect human resource departments across the world. If you thought the rule only applied to countries within the European Union, you are wrong again.
Not only does the GDPR affect companies that deal with European Union citizens, but also other companies. EU regulations are often copied and replicated across the world, especially when it comes to data and privacy. This means, if you have been collecting email addresses, telephone numbers, etc. of potential job seekers, this will apply to you.
If you record potentially identifiable information of your own existing employees, you might want to make sure this data is protected, and that you have the explicit consent to use it only for the stated purposes. For example, you will not be able to share the information of your employees with your marketing departments, unless you also seek explicit permission for that as well.
Who is going to be affected by the GDPR?
Most HR professionals are not aware of the implications of GDPR on their line of work, and it is understandable that many are ignoring the possible ramifications. However, GDPR is not only going to affect marketing agencies and advertising professionals, it will also affect human resource departments and staffing solutions providers across the globe. Let us take a look at certain groups that will be affected by the GDPR rollout.
1. Recruitment agencies
Often, recruitment agencies capture personally identifiable information via websites, other staffing agencies, and even via marketing lists. However, these strategies will no longer work. Employee prospects will need to provide explicit consent for their data to be used. Consent needs to be affirmative and will have to be documented as well. This means you will need to change your approach regarding collecting data. Not following GDPR protocols may subject you to legal complications, as no matter where your staffing agency is located, you will invariably come under the purview of GDPR.
2. HR departments
HR departments not only store contact details but also several other kinds of information, some of which can potentially be an invasion of the employee’s privacy. HR departments need to be extra careful as they tend to store more personal information than they may need. Earlier, it didn’t pose a problem because employees felt compelled to share their personal information. You might also have to consider how you store all this information, and if it is encrypted on your own servers or on a cloud storage facility provided by an external vendor.
The HR Bartender has an interesting blog on this matter.
3. Online databases
Many staffing agencies and recruiters depend on online databases to hire employees. Such databases contain personally identifiable information, education and professional details, and other information which may sometimes be captured from LinkedIn and other websites. While some websites may permit you to use this information unconditionally, just because it is publicly available does not mean you have the permission or consent to use it. You will need to be very wary of databases, whether public or private and refrain from purchasing lists from vendors.
4. Marketing departments
Marketing departments often share their data with HR departments and vice versa. Usually, employee details are made available to sales and marketing departments within a company. This is done in order to up-sell and cross-sell products for employees at discounted rates, and also to promote certain partners’ products and services. However, this practice may soon need to be stopped as GDPR will need specific and affirmative consent to how you will use your employee data. Make sure that in the terms and conditions, you mention how you will use their personal information, and share it only if they provide documentable affirmative consent.
What must you do to comply with the GDPR rules?
While you may think that GDPR will not affect HR department, the truth is, it will, and it is going to be rolled out in just a few days. To make sure that you comply with the new rules and regulations, here is what you can do.
1. Seek explicit consent from existing and prospective employees
Each time you onboard new employees, make it a practice to get their consent to use their data. The consent should be documented, and you will need to speak with your legal counsel in order to draft terms and conditions in simple English. In fact, making things clear in simple language is one of the requirements of GDPR. Get the professional help you need to draft documents that explicitly describe how employees’ personal data will be used, with whom it will be shared, and until when it will be used by you. Similar consent needs to be acquired from existing employees too.
2. Do not purchase data related to prospective employees
If you have the habit of downloading employee details from online databases or purchasing prospective employee data from staffing agencies, you might have to stop doing this unless they too are GDPR-compliant, and are selling such lists in a fair and legally acceptable manner. Until the GDPR is rolled out and there is more clarity on this matter, it may not be a good idea to use existing lists and data.
3. Make sure staffing solutions are GDPR-compliant
If you manage a staffing agency and provide recruitment services to other clients, you will need to make sure that prospects have given their consent to you to share their data with recruiters. Make sure that you formulate your terms and conditions in such a manner that it is clear to candidates that their data will be shared with other recruiters or employers. Also, you will need to document this consent.
4. Do not use information for purposes other than those related to HR-department
Though it may be tempting for you to share the data to marketing agencies or even to the internal marketing department, you will have to refrain from doing so. If you have the consent to share personal data for the purpose of recruitment, you have the consent to do just that. Do not engage in unfair practices, and use this opportunity to clean up your practices and, of course, your database.
Is GDPR going to help you in anyway?
If you thought GDPR is all about restricting the way you use your employee data, you are quite wrong. The law is being rolled out to protect personal data, and stop unscrupulous agents form misusing shared information. This opens up many opportunities for you to improve your business and improve your brand images. These are some of the possible opportunities that complying with GDPR may have, in addition to avoiding lawsuits.
1. Data minimization
When you begin to clean up your database and start to delete contacts and information whose permission you don’t have to use, you will begin to clean up a lot of space. This helps you in many ways. Firstly, your data reduces, so that you will be able to focus on people that actually matter. Secondly, it helps you to free up space in your storage. Third, it helps you to implement data minimization, which is known to enhance productivity.
2. Cleaning up your database
When you clean up our database, you will have a clearer idea of who your existing employees are, how you can use their data, and how you can probably promote certain products and services to them. Secondly, deleting unwanted contacts will help you to hire better, without needing to contact people who may not actually be looking for a job.
3. A leaner HR department
Clearing up unwanted databases and seeking explicit consent will help you to function better. In fact, most HR departments are overburdened by unwanted or redundant employee accounts. Enforcing GDPR as quickly as possible will help you to make your HR department lean and productive. And that is something every company wishes to have.
4. More effective communication with existing and prospective employees
GDPR not only safeguards employee and candidate data, but it enhances communication and its quality. What’s the use of contacting a candidate who has already been hired? Worse, how is marketing a product to an existing employee who doesn’t want to be contacted reflect on you? Complying with GDPR helps you to improve relationship with both existing and prospective employees.
For a different perspective, check this article.
Seek help before it’s too late
As you can see, no matter where your business is located, you will need to comply with GDPR in order to avoid potential legal complications. If you would like to learn more about how to comply with GDPR, you can speak to a lawyer who is aware of data protection laws and privacy issues. At the moment, even lawyers do not have much clarity regarding certain aspects of the GDPR. However, in the weeks to come, there should be more clarity. In any case, complying will help you to avoid legal complications, scale your business, and improve employee relations.
You may also like: