When GDPR gives recruiters heavy boots
What will happen to the recruitment industry when GDPR comes into force next spring? How will an industry that makes its living by reviewing and archiving thousands of pieces of personal data survive a regulation that is fundamentally based on the individual's right to be forgotten? We take a closer look in this blog post.
Many of us are anxiously awaiting the Danish bill that embraces the EU General Data Protection Regulation. How strict will they be in relation to the processing of all the personal data that is basically the recruiters' livelihood?
From LinkedIn to your own archives
In particular, there are gray areas in the current report that can be interpreted in several ways. Which interpretation will prove erroneous and result in the big fines?
For example, what about social media and all the information we voluntarily post here? Surely it must be some kind of force majeure when we voluntarily give up part of our personal data and then find ourselves 'borrowed' to a headhunter's database?
Conversely, the postulate clashes with the concept of the 'Right to be forgotten' if the new processor of your data does not ask for your consent to the 'loan'. You have the right to want to be deleted from all electronic archives. How is this possible if you've now moved to electronic archives you knew nothing about?
In the service of a good cause
Another slightly shaded detail is 'purpose'. Once you've collected a collection of personal data for your own archive, you need to document the purpose. Not right now, perhaps, but to the authorities when they arrive. As a recruiter, you may have even gone to the trouble of searching specifically for the missing data, such as email address or other personal data that can support the picture you are building of the candidate. It's hard to believe that the authorities, in their efforts to protect personal data, will recognize your intention to, unsolicited, get your candidate a new job.
We have previously written about Big Data searching for the right candidate in the myriad corners of the internet. Is this legally correct? Or ethical?
Privacy with belt and suspenders
In general, we can only recommend that companies choose a solution that is as user-friendly as possible. Use a recruitment system that helps you comply with the concepts of 'Privacy by Default' and 'Privacy by Design'; electronically built-in information and consent requirements in exchange for your personal data. Make sure you know and can document the entire workflow for the use of the borrowed personal data: Through whose hands? For what purpose? And make sure that the borrowed personal data is deleted within the time frame set out in the Regulation or as agreed with the candidate.
The GDPR and the high fines are hardly a cunning attempt to make money, but an honest attempt to protect EU citizens. It also means that the authorities look more leniently on those who have done what they can to comply with the law.
Sign up for our newsletter
Tired of searching for relevant HR and recruitment knowledge? Sign up for Elvium's newsletter through the link below and automatically receive the latest HR trends directly in your own mailbox.
