GDPR seems to be attracting more headlines in my echo chamber than the royal wedding. In many cases, these headlines scream frustration.
There is so much confusion amongst clients about GDPR in relation to recruitment and hiring strategies that so far, we seem to be seeing new and often unnecessary processes all over the place.
If you are an SME, then it is likely you haven’t had the time to go to GDPR workshops, listen to webinars, hire someone to create a process and develop your own strategy. You may therefore enrol the help of recruitment agency to save time and money.
Consent is at the heart of GDPR. It’s about individuals consenting for an organisation to hold and process their personal data. Recruitment agencies like us are dedicating significant hours to ensure our database has fully consented, and I am sure that many of our competitors are doing exactly the same.
If, as an SME, you choose to use a recruitment agency for your hiring strategy, all you need to check is that the agency you work with has consent from the candidate to hold and process their data, and that for each individual role, they have consented to the introduction.
If you are not interested in that candidate, it is important that you delete the introduction, as you do not have permission to hold their data. However, if you are interested, you may process their data (for recruitment purposes only) for the duration of the hiring process.
Things to note:
You do need:
- To know that your recruitment supplier is GDPR compliant.
- To know that if you advertise directly, you need to gain consent from the applicant to hold and process their data for that vacancy only.
- To destroy candidate details if they are unsuitable.
You do not need:
- Written consent for each application/CV you receive from a recruitment agency providing you are confident that the agency is GDPR compliant.
- To ask for blind CVs – this is not relevant to GDPR (although it’s a great way to improve diversity!)
So please don’t panic, don’t create systems that clog up your recruitment processes. Keep it straightforward, and simply check that consent has been obtained.