You might've heard of it before: GDPR (General Data Protection Regulations). This was recently passed by the European Union to increase the power of individuals to protect their information. As a talent acquisition manager, this is important because you're dealing with a lot of information on job candidates. For that reason, College Life put together a GDPR Checklist to help you make sure you've got all your data ducks in a row. To make the best use of this checklist, read up about GDPR if you're not yet familiar with it, or know about any changes already implemented in your company to comply with new rules. This will help you understand the list below and approach the hiring process in the best way possible. Your company, and therefore its hiring team, needs to follow this GDPR checklist if:
- You're an EU company or your company is a non-EU company providing for EU residents
- You're hiring EU residents and collecting data from them
1. Share your GDPR checklist with your hiring teamIt's useless to take precautions about the newly implemented GDPR if the rest of your team isn't paying attention to these rules, either. Be careful to explain that individuals grant their data access to certain individuals and that it, therefore, cannot be shared. Also, share the new policies of your company with your team to make sure they understand how GDPR is embedded in your company.
2. Prioritize the candidates' private informationWho did the job candidate give permission to access their information? Was there a breach in your database, meaning that their data is now exposed? Do you have measures to make sure they know that their data has been breached? Do the candidates know why you need their information? These are all questions you need to ask yourself, because, a breach in job candidate data could result in fines or penalties. Again, make sure your team knows the answers to these questions, as well. You'll notice that many of the items in the GDPR Checklist are related to one another.
3. Consult with your legal teamTo avoid any legal issues or subsequent penalties, if you're in doubt, ask your legal team. Work out the details with them, because an incorrect assumption could lead to some consequences. If you're in doubt, your hiring team might be, too, so make sure you share with them what you learn. You'll save yourself and your company a lot of time and money this way.
4. Only collect the data you really needThe GDPR stipulates that you need to be able to justify, at any given moment, why you ask candidates for particular personal information. Therefore, you should only collect information you really need and be able to provide a legitimate reason why. Sit down with your team and discuss what that data might be. Also, you are responsible to protect any data you collect. The more data you have, the more data you need to protect. Collecting minimal data, therefore, makes your life much easier.
5. Be transparentThis is perhaps the most important aspect of GDPR. Candidates always need to know what you're doing with their information, if it's being protected, and they have the right to ask for it to be removed within a month of providing it. Therefore, you should do the following:
- Make it clear how your company can be contacted if an individual would like to delete their data
- Make sure your hiring team contacts potential candidates within a month of collecting their data
- Tell candidates what you need their information for, and how you'll be safely storing it
Did you enjoy reading about GDPR and recruitment? Find out more about talent acquisition in our Recruitment section for all the scoops on hiring.