3.5 Misconceptions About GDPR

It is less than 6 months until GDPR becomes law.

There is an unending stream of blogs and whitepapers giving advice on how to become GDPR compliant – typically from solution providers claiming to have “the answer”.

In time, tested solutions will evolve but for now, there is no one size fits all – all recruitment businesses are heavy users of personal data, using data in a range of different ways.

100% compliance is unrealistic and the ICO is not expecting this: prioritising key compliance measures is crucial at this stage.

Compliance outputs (such as new privacy notices and contract updates) need to reflect how each recruiter collects, uses and retains data. Short-circuiting this data analysis process is likely to prove a false economy in the long run.

“Noise” in the market is leading to an increasing number of misconceptions about what GDPR actually means for recruiters, including:

  • I need to obtain consent from all those whose details I hold on my database
  • I can rely on LinkedIn’s or other job sites’ data privacy notices to lawfully process candidate data I download from those sites
  • The CRM can deliver full GDPR compliance
  • My recruiters will not have to change how they work.

Misinformed “advice” is leading some recruiters to develop compliance programmes based on wrongful analysis and assumptions. As a result many are unworkable, leaving the business exposed to GDPR risk.

In our second GDPR Webinar with Frances Lewis from Osborne Clark, we tried to dispel some of these misconceptions.

Why will this webinar be different from all the others?

Becuase, we have no GDPR solution to sell,

Our goal…….to help recruiters better understand what it means to them and focus their GDPR projects in an informed way.

Questions We Answered

4:00 – Misconception 1: “I need consent from all those whose details I hold on my database”
5:45 – What are the 6 grounds for processing data under GDPR?
8:00 – If a candidate found on a job board says “I am interested in the position” can a recruiter add their CV to the database?
10:23 – What is the role of the privacy policy?
13:00 – If a candidate sends you their CV, does that qualify as ‘consent’ to process their data?
15:30 – What do I do with candidates already in my database?
17:40 – Do I still need consent from a candidate to send their CV to a client?
21:50 – How does GDPR apply to client information in my database?
23:50 – Misconception 2: “I can rely on Linkedin or job sites’ data privacy notices to lawfully process candidate data I download from those sites?”
30:30 – Misconception 3: “My CRM can deliver full GDPR compliance”
33:22 – How are businesses managing ‘Excel Risk’ in their GDPR projects?
35:00 – What can businesses do to mitigate risk from printed data, such as CV’s?
39:38 – Misconception 3.5: “My recruiters will not need to change the way they work.”
42:00 – What are some of the typical recruiter behaviours that will need to stop post GDPR?

About Alex Moyle

I have spent the last 14 years helping 000's of recruiters be better at what they do. My goal is to make recruitment simple. I love using analogies that connect a recruiters job with the things they have already experienced. Please comment or ask questions below, I try to answer everyone. To stay updated with our latest blogs and videos sign up below.