It’s August 2018, and if you’re asking yourself “What is GDPR?” you may be in some trouble. Your candidate data processes probably need to be updated to comply with this new law, which is why we put together a GDPR compliance checklist for you.
However, let’s begin with some of the basics:
General Data Protection Regulation, or GDPR, came into effect on May 25, 2018 and brought with it significant changes to the ways organizations handle data. While GDPR is a regulation in the European Union, any organization that conducts business in the EU is required to follow its guidelines.
Here’s a brief overview of the key changes made by GDPR:
- Companies must present consent terms in easy-to-understand language
- Withdrawing consent must be as easy as giving it
- Data breach notifications must be given within 72 hours if the breach results “in a risk for the rights and freedoms of individuals”
- Individuals, also known as data subjects under GDPR, now have the right to inquire whether companies are holding their personal data and, if so, to request a copy of that data free of charge
- Data subjects have the right to be forgotten – this means companies would have to erase personal data, stop disseminating data and tell any third-party vendors to cease processing the personal data if so instructed by the individual
- Valid GDPR complaints carry penalties of up to four percent of annual global turnover or just over $26 million – whichever is higher
As you can see, there are quite a few new rules to follow concerning data privacy, and non-compliance with these GDPR regulations can end up hurting your company’s reputation and bottom line. HR departments, in particular recruitment teams, are especially impacted due to the large amount of data that comes through in online job applications. The best way to get ahead of these problems is to start with this brief but important GDPR compliance checklist:
- Choose a GDPR Lead – this is a person who will be accountable, though not necessarily responsible, to ensure your HR team meets GDPR compliance standards.
- Review Your Policies and Processes – your application processes and recruitment privacy policies have to be GDPR-compliant, which may mean updating as needed.
- Conduct an Audit of Outside Vendors – if your company uses outside services for background screens, reference checking, assessments or drug testing, then those services must also be GDPR-compliant. Confirming that they meet GDPR privacy standards will save your company from a huge headache down the road.
- Document, Document, Document – make sure your team has a clear understanding of data processes, such as where candidate data is stored, what type of data you’re storing and how long you have to keep it.
For more information about the key elements of GDPR, how it impacts HR teams and how you can maintain compliance, please watch this webinar recording, An Introduction to the GDPR for Human Resource Professionals, presented by iCIMS’ General Counsel and Privacy Officer Neal Dittersdorf and Kevin Coy, partner in the privacy practice at Arnall Golden Gregory LLP.