By Peter Linas, EVP of Corporate Development and International, Bullhorn
GDPR serves an important purpose: to enshrine individual privacy rights and improve transparency and accountability. However, recent research undertaken by Bullhorn indicates that 60% of recruiters don’t think GDPR regulators will enforce the legislation. This is a worrying statistic; the penalties for non-compliance are real, and can cause significant reputational damage.
It’s in the best interests of all businesses to respect and adhere to the regulatory requirements.
And yet, firms are complacent rather than cautious, side-stepping compliance and carrying on with business as usual. While high-profile examples of punishment for non-compliance are few and far between, companies that fail to comply are being charged with data misuse and slapped with hefty fines.
Vote Leave, for example, has to pay a penalty of £61,000 for breaking GDPR – and the case has been referred to the police for further investigation. This is the first major precedent set for how non-compliance will be punished.
The business impact
Almost three-quarters (73%) of recruiters say GDPR has had no impact on their use of technology and software, while a similar number (71%) said it hasn’t affected their ability to engage with candidates and clients.
At face value, this sounds like a good thing – the new legislation hasn’t disrupted the status quo. But it might also indicate that best practices aren’t being followed, which is a problem. The reality is, GDPR is a significant regulatory shift and recruiters should have seen some impact on the way they work by now. For example, firms should be gaining explicit consent from individuals to process their data for different processes. They should have also had their databases audited to cleanse them of any data they don’t have the right or need to use.
Looking ahead, the majority (79%) of recruiters agree that GDPR won’t have a negative impact on the industry in the long term. As data protection changes and improves with time, firms can expect a positive impact on their practices – perhaps not surprising, given that GDPR is all about improving data practices.
Processes and preparation
Overall, the majority of recruitment companies were prepared for GDPR. Over half (53%) of recruiters said they had enough training and support at an individual level, while nearly three quarters (73%) claimed that their company was timely and efficient in carrying out its compliance plan.
But let’s consider the flip-side to these numbers. Nearly half (47%) of recruiters said they did not receive enough training and support. And more than a quarter of respondents feel their company did not prepare enough to ensure compliance in the most efficient way possible – and may not even be compliant yet.
The three most common challenges hampering efficient, timely preparation were reported to be a lack of clarity around the terms of GDPR (cited by 58%), establishing new data processing policies (56%), and auditing all IT and other data-driven systems (44%).
Education and awareness
The challenges above all highlight the need for greater awareness and education around data protection. The problem, it seems, is that recruitment companies are not necessarily equipped with the knowledge and resources they need to comply with the new legislation. This issue is partly due to the fact that GDPR compliance is all too often seen as the responsibility of management or the legal teams.
The reality is that compliance is a responsibility that needs to be shouldered by everyone involved in data processing activities. A narrow mindset that dismisses GDPR as ‘someone else’s problem’ exacerbates complacency, and hinders progress.
To fix this problem before it becomes an expensive issue, recruitment firms need to work closely with their technology suppliers, provide full staff training, hire external consultants (if needs be) to audit their current systems and processes, and put new, compliant policies in place. These initiatives are not nice-to-haves: they are absolutely critical to ensure compliance with GDPR.
While GDPR’s mandate focuses on protecting the use of EU citizens’ personal information, it’s not confined to EU markets alone. The legislation affects any company, anywhere in the world that processes any EU citizen’s data. Given the increased mobility of overseas talent, this is very likely to have an important impact on the recruitment profession.
Rather than apply different policies and practices for different regions, recruiters must treat GDPR as global legislation. Whatever effort and resources companies have already put into compliance must be extended abroad where necessary.
Compliance is good for business
The recruitment space is brimming with innovative, data-driven technology that enables recruiters to work better and faster. So much so that some firms may bemoan GDPR as regulatory red tape that aims to quash businesses’ use of these technologies and, in doing so, will curtail growth.
This is not the case. Maintaining growth within the new parameters established by GDPR will require support, education, and agility. While most firms took the appropriate measures to prepare for GDPR, more still needs to be done to educate staff and ensure clarity around how recruiters can and can’t use their data stores. With the right policies, partners, people, and levels of awareness in place, recruiters can still maximise their use of their technology to support business growth.