GDPR has been one of this year’s big issues for businesses in every sector. But how has the recruitment industry been affected, and where does it stand now?
The EU’s General Data Protection Regulation (GDPR) has been billed as “the most important change in data privacy regulation in 20 years”, but for many businesses, it’s been seen as an inconvenience. It’s required some major changes in how companies work, and in many cases has been a struggle to implement.
The recruitment industry has had its own challenges to deal with in this regard. One of the most problematic elements has been the introduction of retention periods for jobseekers’ personal data. Many agencies have had to delete this information after a certain length of time, preventing them from communicating with potential candidates.
It has now been six months since GDPR came into effect, which is plenty of time to assess how it has changed the recruitment sector. So what is the current state of affairs, and what should agencies be doing as we head into 2019?
Compliance is still a problem
By now, most firms should be clear what to do with their recruitment data. However, it seems this is not the case, as a recent study from computing firm CIPHR indicates. The company surveyed HR professionals, and found that 31 per cent do not delete personal data after the retention period has expired.
This is despite the fact that 83 per cent of HR professionals said they had defined retention periods for personal data. Furthermore, 35 per cent do not request consent from employees, leavers or job applicants to hold their personal information. These are easy mistakes to make, but not ones that should be happening this often.
Of course, as recruitment professionals, you can make the most of this. If you can be sure your processes are GDPR-compliant, you can use this as a way to market your business. HR departments can avoid making these mistakes by outsourcing stages of recruitment to agencies, giving you more custom.
Transparency and consent are key
So, how do you make sure your agency is compliant with GDPR? Bullhorn hosted a conference session with Gareth Cameron of the Information Commissioner’s Office (ICO), which is the body responsible for enforcing GDPR in the UK.
“Recruitment is about relationships and increasingly about data, and data is the key to business success,” said Mr Cameron.
He added that transparency and accountability are two of the key principles that underpin GDPR. Candidates should be made aware of what you are doing with their data, where it will be stored and for how long. Giving everyone the ability to access their own data is an easy way to make sure you’re complying with the regulations.
You should also make sure you’re getting informed consent from everyone whose data you store, although be aware that consent doesn’t give you permission to do whatever you want. You need to make sure both you and whoever’s data you’re using are aware of what you can and cannot use it for.
Recruitment is booming
Despite all these GDPR issues, the recruitment industry in the UK is doing very well. The Recruitment and Employment Confederation (REC) has found that turnover in this sector grew by 11 per cent in 2017/2018, to a total of £35.7 billion. It’s estimated that recruiters found 1.1 million permanent jobs for people in this period, and placed over a million agency workers per day.
This is obviously great news, but what does it have to do with GDPR? Well, as we mentioned earlier, the implementation of this regulation has made recruiting more time-consuming for businesses, which in turn seems to have made them more likely to outsource this to an agency.
All of this business might dry up, but CIPHR’s study above indicates that a significant number of companies are still struggling to implement GDPR properly when it comes to hiring. This leaves a significant niche for agencies to fill, and the growth in business seems to show this is a strategy that works.