30 July 2018 in The Call Takers Blog

GDPR - its not too late to start!

GDPR - it's not too late to start!

With the ‘go live’ date for GDPR looming, as Recruiters the volume of work needed in order to comply with the new legislation can seem daunting. After all, personal data – from our candidates, our clients and our own staff – is at the heart of everything that we do.  But one thing is clear, GDPR is happening and it’s here to stay.

In the ever-changing, ever more legislatively challenging environment in which we operate, it’s critical that recruiters have processes in place to ensure that we are compliant. After all, better candidate data makes us a more effective recruitment partner for our clients, and helps us to provide a better service to candidates who are engaged with us, and who want to work with us.

At Outsource, our GDPR project is well under way, and we are using the new legislation as a way to update our existing data protection policies and processes. However, we are also using the project as a way to really look at our data, and see what we can do better. But it’s not too late to get started! We’ve outlined our first five steps towards getting ready for GDPR for recruiters, HR and managers with recruitment responsibilities.

1.       Understand the legislation

GDPR legislation is a lengthy legal document which applies to all industries. So the first step is to identify what it means for your business. For us, this has meant working closely with the REC & APSCO, and using the resources on the ICO website.

2.       Audit

In order to know how GDPR will affect you, you need to know what data you actually have! So for us, we’ve audited on exactly what information we hold, and identified exactly where it all is.

3.       Data flows

GDPR legislation contains rules around how you must allow access too, correction of, and deletion of data, amongst many other things! So to enable this, you must know exactly how data is passed around the business, and who has access to it. We’ve produced data flow diagrams of exactly how data moves around our business.

4.       Grounds for processing

The legal bit! In a nutshell, in order to process data under GDPR you must be able to assign a legal ground for processing datahttps://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/ to that activity. It’s not all about consent!

5.       Cleanse!

A dirty word – no one likes to delete data that may have been collected over a number of years. But if you can’t assign a legal ground for processing, you shouldn’t really have that data, so cleanse, cleanse, cleanse!

Getting started on the above is a good way to start your GDPR readiness journey. And don’t forget – if you’ve been compliant with existing Data Protection legislation this really is just the next step.

Contact us to hear more about our GDPR compliance programme and the support we can offer you.



For more information call us today on 0800 470 1576

Can we help further? Get in touch below!

The best way to get in touch is to give us a quick call on 0800 470 1576 and one of our lovely team are available to help. If you want to email us about anything, please feel free to fill in the form below and one of our team will get back to you within 24 hours.

This website uses cookies - please click the button below to continue using the site