Recruitment and GDPR are very closely tied since HR managers handle large volumes of candidate data during the hiring and firing processes. Given that infringement can lead to fines of up to 4% of annual worldwide turnover or €20 million, companies need to assess how the GDPR affects their organization. Attend this webinar to learn the new obligations to data processors and data controllers, including those based outside the EU.
Data protection in recruitment has always been taken seriously, since an employee data protection policy is an integral part of any corporate protocol. However, the introduction of the GDPR changed the subject completely by offering an entirely different perspective on the data flows within companies. Making recruitment GDPR-compliant therefore requires much more than a simple policy change: the GDPR's impact is such that it calls for a broader cultural change in companies, based on awareness of data sensitivity and the importance of keeping that data intact.
Recruitment and GDPR are very closely tied since HR managers handle large volumes of candidate data during the hiring and firing processes. As a result, they must manage increasingly large volumes of personal data that often remain dramatically unprotected. What could previously be tolerated to a certain degree is now illegal; hence companies now struggle to adapt to the GDPR-induced changes so as not to breach data protection law in recruitment and to avoid litigation on these grounds.
To apply the GDPR to recruitment properly, you need to understand the concepts of “personal data,” “data controller,” and “data processor.”
When we speak of personal data covered by the GDPR, this includes any personally identifying information such as a person’s name, a photo, an email address, or even the person’s posts on social networks. Other examples of personal data covered by the GDPR in recruitment include a person’s banking details, medical records, and even a computer’s IP address. Under the GDPR, all data subjects (that is, EU citizens) have data rights such as breach notification, the right to access, the right to be forgotten, data portability, and privacy by design.
Data controllers under the GDPR are entities authorized to determine the purposes, conditions, and means of personal data processing. In other words, a controller is a person or business organization able to use personal data for specific purposes in compliance with GDPR.
Data processors are entities that hold personal data on behalf of controllers. A processor is, for example, a recruiting firm holding a database of candidate resumes, or a company employing staff and storing their personal records.
The GDPR has affected recruitment and recruitment agencies to a large degree. It is hard to deny that the GDPR has actually made the work of recruiters harder by creating additional challenges and risks in the process. Here are the most important issues to keep in mind when thinking about GDPR and recruitment:
It’s imperative to update the recruitment software currently in use with the new privacy requirements in mind. This change is costly and time-consuming, and recruiters will also need training and time to learn to navigate the new programs. The recruitment process may therefore stall during the transition period.
Recruiting firms have to conduct thorough data mapping now by determining which candidate data is collected in the recruitment process, through which processing stages it goes, and where it is stored. If you have a separate recruiting department, the process of establishing data mapping as a new procedure may take quite a lot of time and effort.
If you don’t have a recruitment department and rely on the assistance of external recruitment firms, be sure to check their policies regarding GDPR compliance. It’s imperative to work only with firms that comply with the GDPR to avoid litigation.
The GDPR allows the collection of personal data only for active vacancies and only about people with whom a job interview will be held.
It is important to keep in mind that even though individuals may post their personal data on social profiles such as LinkedIn, recruiters do not have the right to retrieve and store that data in their databases; they need to ask candidates for permission to process their personal information, indicating a specific purpose for the data use and clarifying the procedure by which the candidate may withdraw that consent. Such changes will certainly complicate recruiters’ work, as recruiters used to keep a “hot candidates” list for specific positions and contact the most suitable candidates when a matching vacancy arose.
Pretty much every business must comply with the EU's data laws, even if they're based in the US. This is because most companies have at least some data belonging to EU citizens stored on their servers. In order to process that data, the organization must comply with GDPR principles.
However, if you truly have no dealings with the EU, you can avoid having to comply by using a traffic filter. By blocking any EU traffic to your website, you can make sure that only non-EU traffic reaches your website and that only people outside Europe can enter their details on your site.
One of the requirements is to have a data controller and a data processor for every organization. There's a distinct difference between a data controller and a data processor, as stipulated by the EU.
A data controller is responsible for setting out how and why data is collected but doesn't necessarily collect the data itself.
That means a controller could be any organization, from a small retailer to a global manufacturing giant to a not-for-profit, while a processor could be an IT services firm they employ.
It's the controller's job to make sure the processor complies with data protection law, while processors must maintain records of their processing activities to prove they abide by the rules. Unlike under older data protection laws, the controller and the processor are jointly liable for financial penalties in the event of a data breach or if the processor is found to have handled data illegally.
It is possible for a non-EU-based controller to use an EU-based processor, in which case all parties need to be compliant with GDPR.
The GDPR states that controllers must ensure that personal data is processed lawfully, transparently, and for a specific purpose. That means people must understand why and how their data is being processed, while that processing must abide by GDPR rules.
Consent must be an active, affirmative action by the data subject, rather than the passive acceptance under some models that allow for pre-ticked boxes or opt-outs.
Dr. Chartier is the Principal of HRinfo4u, a human resource consulting firm, and a well-known educator and speaker. As a consultant, he works with organizations to improve the effectiveness and efficiency of their human resource function. He has worked extensively in designing, developing and implementing human resource programs, procedures and systems for smaller and mid-size firms up and down the Hudson Valley.
Greg is a thought-provoking professional speaker, and his wisdom and insights into management and leadership make him an electrifying speaker and seminar leader. His seminars are customized to reinforce company mission, vision, values and culture, and the content is practical for team leaders, managers, supervisors and executives alike.
Dr. Chartier has a Bachelor’s Degree in Political Science, an MBA in Finance and a PhD in Human Resources. He is a National Member of the Society for Human Resource Management (SHRM) and is certified by the Human Resource Certification Institute (HRCI) as a Senior Professional in Human Resources (SPHR) and a Global Professional in Human Resources (GPHR) as well as a Senior Certified Professional (SCP) by SHRM.
He served on the Board of the local SHRM Chapter, the Westchester Human Resources Management Association (WHRMA), as the Treasurer for nine years. In addition, Greg served on the Board of the Business Council of Westchester in a variety of capacities and continues his service as the Chair of the Human Resources Council. Dr. Chartier also serves on the Board of the Child Care Council of Westchester.
The General Data Protection Regulation (GDPR) was adopted by the European Union (EU) in April 2016 and replaced the EU Data Protection Directive 95/46/EC. The GDPR introduces new obligations to data processors and data controllers, including those based outside the EU. Given that infringement can lead to fines of up to 4% of annual worldwide turnover or €20 million, it is important for companies to assess how the GDPR affects them and be compliant from May 2018 onwards.
There are many aspects to be considered to ensure full compliance. For example, there are requirements for explicit consent to be freely given by individuals for their data to be used for specific purposes, as well as the right for individuals to request details of information held and for data to be deleted. Some organizations need to carry out assessments, ensure effective procedures are in place and designate a Data Protection Officer to meet new accountability requirements.
Registrants may cancel up to two working days prior to the course start date and will receive a letter of credit to be used towards a future course up to one year from the date of issuance. HRTrainingAlert will provide a refund if a live webinar is cancelled; the attendee may choose between the recorded version of the webinar and a refund for any cancelled webinar. Refunds will not be given to participants who do not show up for the webinar. On-demand recordings can be requested in exchange.
A webinar may be cancelled due to lack of enrolment or unavoidable factors. Registrants will be notified 24 hours in advance if a cancellation occurs. Substitutions can be made at any time.
If you have any concern about the content of the webinar or are not satisfied, please contact us at the email address below or by phone, mentioning your feedback, so that the matter can be resolved.
We value our customers' feedback and opinions, which enable us to improve our products and services. To contact us, please email firstname.lastname@example.org or call +1-888-771-6965 (Toll Free).