I have recently successfully achieved the EU Foundation & Practitioners GDPR Course through the Knowledge Academy. The course provided an indepth look at the coming GDPR legislation that will affect all businesses throughout the UK. As a respected Recruitment Consultancy I felt it was vitally important to be fully aware of the new legislation and how to make sure the business was fully compliant in all areas that affected us. Since we hold the PII (Personal Identifiable Information) on thousands of candidates it is crucial that we safeguard this data against any form of breach, and have the necessary procedures and policies in place should such an event occur.
I would strongly recommend anyone using the services of a Recruitment Agency, whether you are searching for a new job or looking to recruit someone, to check that the Agency is fully compliant with GDPR and to ask them to show what steps they have taken to ensure they are compliant. There are various Rights you will have as a Data Subject and it is the Recruitment Agencies responsibility to make you aware of these through their Privacy Policies, which should be easily accessible on their website, at it is with ours. The main criteria for any data subject that has been registered with an Agency is to ensure that your data is secure and is not passed on to any third parties. You should also have been contacted by the Agency and asked for your consent to keep your data on file. You should also look into their Retention Policies to find out how long your data is kept on file. You have 30 days to reply, if you don’t reply within that time period your data should automatically be erased from their database. If this is not done you can request it to be done and you can contact the Information Commissioners Office to report a breach.
I would strongly recommend that everyone research where their CV has been uploaded, especially if you have used job boards as you will not be contacted for your consent as they will be able to keep your data on file as Legitimate Interest for marketing purposes. If you are no longer looking for work then you could request that your data be deleted immediately. The job boards are then responsible for informing all third parties, ie Agencies that may have downloaded your details to delete them from their records also.
Please come back to the site periodically as I will be continuing to add updates and useful tips to over the course of the next few weeks. GDPR is law on 25th May 2018….