Companies that don't put adequate procedures in place or violate GDPR obligations can be fined four percent of their turnover, up to as much as €20 million. Recruitment departments must understand the role they play in ensuring their companies operate in accordance with the GDPR.
Theundercoverrecruiter.com highlighted the following five necessary tasks for recruiting departments.
1. Understanding the relationship between GDPR and recruitment
First of all, it's necessary to understand correctly what personal data specifically means for recruitment. This includes names, surnames, contacts, identification numbers, and other personal identity data. In relation to job applicants and employees, this includes CVs, employment history, education history, references, and details regarding rewards.
2. Types of personal data and storage
Once you have clarified what personal data you should protect, you should take practical steps. Start by auditing your current ways of collecting and storing personal data. Next, focus on who can access the data, how they access it, and how long you store it. Based on the results, identify risk points. For example, you should permanently delete the personal data of unsuccessful job applicants.
3. Allocating the necessary budget and resources
Most likely, you will have to implement new systems and procedures due to GDPR, which will require a certain amount of money and other resources. Expect this to take up part of your recruitment department budget.
4. Revising contracts with third parties
If you use the services of personnel agencies and other external partners for recruitment, you need to review the existing contracts with them and focus on how these partners handle your personal data.
5. Training employees
Recruiters commonly work with personal data, so they should be properly trained to handle this sensitive data correctly in accordance with GDPR.
-kk-