How to use GDPR to your advantage

The main idea with GDPR is to give individuals more control over their personal data. Have you considered how the changes can be used to your advantage? By embracing GDPR you can make important updates to your data handling that will improve credibility and give your business an edge over your competitors.

The General Data Protection Regulation (GDPR) is a set of data compliance regulations that were introduced back in May 2018 to replace the Data Protection Act, which is currently used as guideline for businesses when handling personal data. Whilst most agency owners will already be familiar with the DPA, there are a few crucial changes involved in the migration to GDPR that impact on the recruitment sector.

The biggest impact that GDPR is having on recruitment is that as of May 2018, candidates either have to give explicit consent for their personal data to be collected/stored in our databases, or recruiters must be able to demonstrate that they have a legitimate interest to store that data, within 30 days of being stored.

Candidates also need to be informed of how and where their information will be used, and have the right to ask that their personal data be deleted at any time. GDPR compliance is all about showing intent and taking responsibility for your data. Implied consent is no longer sufficient under GDPR – if you’re not able to prove that the candidates on your database have been actively engaged with your brand within the time stated in your data retention statement, you’ll need to remove them from your database.

If you’re using consent as your legal basis for storing candidate data, it’s likely you’ll have to update your Candidate Agreement to comply with GDPR standards for consent, meaning you’ll still have to reach out to everyone on your database and give them the option to re-opt in.

To get started, please navigate to the Admin > Settings and review your GDPR data retention months and oral consent script. Your Candidate Agreement document should also be uploaded, this document is presented to the candidate when completing the online registration form and must be agreed to before the form can be submitted.

When a candidate is added to your database their GDPR status will not show as compliant until the candidate has opted in, either by completing the online registration form or by being actively engaged with your agency, which must be within 30 days of the candidate being added.

If a candidate's last active engagement falls outside your data retention policy, their GDPR status will show as Action Required and you should reengage with the candidate to either regain opt-in permission or agree to delete the candidate's personal data from your database.

You can update a candidate GDPR opt-in status by using the Called In Available feature or by creating a Tracker. Both features give you the opportunity to read your GDPR oral consent script to the candidate to gain oral opt-in permission.

A detailed GDPR audit trail is recorded against each candidate database record and can be viewed in the GDPR tab in the candidate profile.

If a candidate opted in via the the online registration form, the audit log entry provides a link to the Candidate Agreement document that was in use at the time. 

The audit log also records the oral consent script that was in use at the time the candidate provided opt-in permission via the the Called In Available and Tracker features.

If you have any questions or require any assistance then please do not hesitate to get in touch.