Recruiting Candidates in Europe? Familiarize Yourself with the Updated GDPR Requirements

October 20 12:13 2017

By Mahe Bayireddi October 20, 2017

If you’re recruiting candidates in Europe, you have until May 25, 2018, to familiarize yourself with the coming changes to GDPR and to plan and implement solutions for complying with the requirements of the regulation. Otherwise, you could face the consequences of non-compliance.

Here’s a look at GDPR, the implications of non-compliance, and how organizations can prepare to meet the requirements of the updated regulation.

What GDPR Is

Adopted by the European Parliament in April of 2016, the General Data Protection Regulation requires businesses to protect the personal data and privacy of European citizens for transactions that occur within European states. Personal data includes names, photos, email addresses, bank details, posts on social networking websites, medical information, or even a computer IP address.

In addition, the GDPR regulates the exportation of personal data outside of the European Union, so understand how this impacts your global business. Essentially, whether or not you are physically located within the European Union, GDPR impacts your organization as long as you are processing and storing personal data of individuals who live there.

Key Changes to GDPR

The key changes of the GDPR include the following:

  • Increased territory
    GDPR applies to the citizens of the European Union, and it does not matter if your organization is located in Europe or elsewhere.
  • Increased Penalties
    There is a tiered approach to fines, but organizations that are non-compliant face increased penalties, both financial and reputational.
  • Heightened Consent Regulations
    No more gray area with obtaining consent. Organizations have to clearly request consent from users for data collection.
  • Mandatory Violation Notification
    A violation of data privacy must be reported within 72 hours, and all customers have to be notified as well.
  • Right to Access
    Organizations must provide information on personal data processing to any users falling under GDPR. Additionally, you have to provide those users with a copy of the personal data for free.
  • Right to Be Forgotten
    Users have the right to ask organizations to erase their personal data, no questions asked.
  • Systems Designed for Data Privacy
    Organizations must implement systematic changes designed to protect data privacy, and can only process data to complete the necessary tasks, restricting access for those who don’t need it.
  • Appointing Data Protection Officers
    Aside from internal recordkeeping requirements, some organizations will be required to appoint a Data Protection Officer if the core business activities revolve around data collection and systematic monitoring.

Here’s What Can Happen If You Don’t Comply

According to a global research report from Ovum, two-thirds of businesses expect to have to change their global business strategies to accommodate new data privacy regulations, and over half of businesses think they will be fined due to the pending GDPR in Europe.

Whether or not you prepare for the GDPR changes, know what can happen if you are inadvertently or purposefully non-compliant. Here’s a look at the implications:

  • You could be fined up to $20 million or 4 percent of global sales.
  • Claims for compensation will become significantly easier.
  • GDPR regulators will require you to cease processing personal data in the event of violations.
  • For all data violations, the Information Commissioner’s Office will be notified within 72 hours.

Aside from the financial repercussions, organizations can face a blow to their employer brand and reputation, hurting their ability to be successful in the European states.

Prepare for GDPR Changes Now

Even though the updates to the GDPR won’t impact your organization until May of 2018, you should take proactive steps to prepare now so you greatly reduce or eliminate your risks of non-compliance.

Here are some areas you should take a look at first:

Put Together Your GDPR Plan — Take the time to read through the GDPR and its updates, and prepare a plan that addresses how your organization will ensure each GDPR requirement is met.

Determine Appropriate Solutions — If your organization is recruiting candidates and accepting resumes and other personal data from European citizens, figure out how to comply with the GDPR requirement of collecting personal data and properly protecting it.

The original article (and image) was originally posted here: https://www.ere.net/recruiting-candidates-in-europe-familiarize-yourself-with-the-updated-gdpr-requirements/

About Article Author

GDPR Associates