You might've heard of it before: GDPR (General Data Protection Regulation). This was recently passed by the European Union to increase the power of individuals to protect their information. As a talent acquisition manager, this is important because you're dealing with a lot of information about job candidates. For that reason, College Life has put together a GDPR Checklist to help you make sure you've got all your data sorted.
To make the best use of this checklist, learn more about GDPR if you're not yet familiar with it or don't know about any of the changes that should be implemented in your company to comply with the new rules. This will help you understand the list below and approach the hiring process in the best way possible. Your company, and therefore its hiring team, needs to follow this GDPR checklist if:
- You're an EU company or your company is a non-EU company providing for EU residents
- You're hiring EU residents and collecting data from them
1. Share your GDPR checklist with your hiring team
It's useless to take precautions about the newly implemented GDPR if the rest of your team isn't paying attention to these rules. Be careful to explain that individuals grant access to their data only to specific people and that it therefore cannot be shared with anyone else. Also, share your new company policies with your team to make sure they understand how GDPR is followed in your company.
2. Prioritize the candidates' private information
Who did the job candidate give permission to access their information? Was there a breach in your database, meaning that their data is now exposed? Do you have measures to make sure they know that their data has been breached? Do the candidates know why you need their information?
These are all questions you need to ask yourself because a breach in job candidate data could result in fines or penalties. Again, make sure your team knows the answers to these questions as well. You'll notice that many of the items in the GDPR Checklist are related to one another.
3. Consult your legal team about the GDPR
To avoid any legal issues or subsequent penalties, ask your legal team whenever you're in doubt. Work out the details with them, because an incorrect assumption could have consequences. If you're in doubt, your hiring team might be too. Make sure you share with them what you learn. You'll save yourself and your company a lot of time and money this way.
4. Only collect the data you really need
The GDPR stipulates that you need to be able to justify, at any given moment, why you ask candidates for particular personal information. Therefore, you should only collect information you really need and be able to provide a legitimate reason why. Sit down with your team and discuss what that data might be. Also, you are responsible for protecting any data you collect. The more data you have, the more data you need to protect. Collecting minimal data, therefore, makes your life much easier.
5. Be transparent
This is perhaps the most important aspect of GDPR. Candidates always need to know what you're doing with their information and if it's being protected. They have the right to ask for it to be removed within a month of providing it. Therefore, you should do the following:
- Make it clear how your company can be contacted if an individual would like to delete their data
- Make sure your hiring team contacts potential candidates within a month of collecting their data
- Tell candidates what you need their information for and how you'll be safely storing it
Being as transparent and honest as possible will allow candidates to feel safe and protected. If there is a breach, let them know what measures you're taking to protect them. As long as your company follows GDPR standards and only works with companies also complying with these standards, you should be in the clear.