GDPR 6 months in: a recap and refresh for recruiters7 min read
Recruiters and employers that source European candidates are well aware of the changes to the GDPR that affected HR practices. But these changes happened on May 25th, 2018, about 6 months ago at the time of the Twitter chat! Are you keeping up with staying compliant? That’s what we took to Twitter to find out.
To get things started, a few #TAinnovators pregamers tweeted some insight for our talent acquisition community:
“The main thing about GDPR is to be open and honest about your data holdings. Train your managers that it is not OK to hold on to CVs “just in case”. Make things as clear as possible for those reading your privacy notices.” – @DementedDaddiar
“Recruiting? Stop and think whether you are passing applicant data to others as part of your process. Have you told the applicant? Make sure that you give each applicant a Data Privacy Notice so that they know how you are processing their data.” – @CHERINGTON_HR
Then the questions began! Read on to figure out the state of the GDPR in HR 6 months in.
Q1. What experiences have you had with the GDPR changes since May 25th? These can be positive or negative. Have you noticed any compliance issues?
The GDPR 6 months in will impact your sourcing practices just as much as it did 6 months ago! The only difference is that you may have slipped up in your compliance. This might not be true for everyone; in fact, the time that has passed may have given you the opportunity to refine your GDPR compliance skills! That’s why we asked you what experiences you have had with keeping candidate data privacy a top priority.
@enmichael “noticed recruiters and employers that store candidate data seek consent to keep storing [the] same and explain the implication of GDPR.” This is a step in the right direction! This #TAinnovators participant let us know some further info on how companies achieve this: “Some[,] or most actually[,] provide a link that you can click on to remove yourself from their record if you do not consent to them keeping your data. Automatic self removal from data storage system is the way to go”. And we agree!
An Applicant Tracking System (ATS) that comes with a GDPR feature pack that you can switch on and off is crucial. This way, you can have candidates from the EU give their consent to their data being held for certain periods of time. Recruitee will also let you know when this retention period has expired so that you can easily delete candidates.
@Lawhound, a tech and legal-savvy consultancy from the UK, reminded us that if you have any external forms of keeping data (think, spreadsheets or paper backups), you need to have a system in place to delete those accounts accordingly. It’s worth it to invest more resources in cleaning up your data processing system!
@Lawhound went on to explain their experience with the GDPR 6 months in, stating that they “have noticed in advising clients more focus on getting all policies updated – so not just GDPR requirements. For most businesses work started in May and so compliance is ongoing – a journey not a destination”. We couldn’t have said it better ourselves! So what does this ongoing GDPR in HR journey entail? Other #TAinnovators also noticed some disgruntled candidates on Twitter complaining about their data being mishandled by employers under the GDPR. This just means that getting the right tools is a great starting point.
Q2. Under the GDPR, do you still use email finding tools when sourcing? How and which ones?
If you haven’t looked into GDPR compliant sourcing tools, you are behind. Under the GDPR, sourcing has some restrictions in place. For instance, you can’t scrape sites for potential talent data. This does not give the talent the opportunity to consent to the processing of their data by you, the recruiter/employer/other data processor. So does that mean that email finding tools are out of the question? The #TAinnovators weighed in:
- Don’t use email finding tools;
- Email tools are unpopular with candidates;
- And none are likely to be compliant now;
- Source candidates organically;
- Keep them in talent pools in a compliant ATS.
This just about covers it. Just because your hiring team hasn’t had any problems staying compliant with the GDPR 6 months in, it doesn’t mean that issues won’t arise in the future. It just takes one unhappy candidate to taint your employer brand, as well as cause unnecessary legal situations. Do you have any email tools that you rely on, even under the GDPR? Let us know in the comments!
Q3. What questions do you still have about the GDPR in HR? Have you had any questions from customers?
It’s not uncommon (or shameful, for that matter) to have questions about the GDPR 6 months in. You may have heard that “there are no stupid questions”, and this is the case with the GDPR in recruitment. It pays to ask the tough questions, the easy ones, and all of the ones in between! Otherwise, you may slip up on something that could’ve been avoided.
Our #TAinnovators had a few questions about the GDPR 6 months in. You may be wondering about them, as well, so here is an example of a common question:
– “Just wondering, some firms use HR Service Centers based in a different location which handles employees data[. I]s it going to get [affected]?” – @Shan_mhd
@Recruitee answer: “These data centers should state that they are compliant with the GDPR, as well – even if they are outside of the EU. We recommend asking this to our Data Privacy Officer during the webinar.” However, it’s best to find tools, like Recruitee, that adhere to data export restrictions, keeping all data within the European Union.
(Hint: You can sign up for our frequent webinars to learn more about various recruitment topics! Watch @Recruitee social channels to keep up to date. If you’re a fan of exclusive content and webinar recordings, join us over on the Talent Acquisition Innovators Facebook community, as well.)
For all legal questions, we recommend consulting legal advisors. They won’t judge you for seeking assistance getting up to speed with the GDPR 6 months in. You can also read more on features of your hiring process needed for GDPR compliance here.
Q4. What is one positive thing in recruitment that has come about due to the GDPR?
Keeping up to speed with the GDPR 6 months in has its perks. The obvious benefit is staying out of legal trouble! But what else does it glean for our recruitment efforts? The #TAinnovators participants weighed in on how it has helped their hiring:
@BrainBlenderTec: “Rapid assessment profiling as data is compiled & dissolved as needed”
@enmichael: “Being GDPR compliant gives candidates confidence in the processes of the employing company. Company is seen as handling candidates data ethically.”
@Lawhound: “For those who are able to advise clients properly and lead by example in their own business there is no greater way to rise to the top. Sadly few have seized on this. If not trust then risk assessments force this.”
@TAinnovatorBeth: “Showing potential talent that you are compliant with the GDPR is great for employer branding! It builds trust. Just make sure you keep your word!”
We can all agree that staying compliant with the GDPR 6 months in is crucial to your sourcing success. What about hiring in the future? Do you think you’re prepared to process data under the GDPR 6 months in? What about a year? Two years? We’ll keep you updated on blog.recruitee.com, and tweet at us with any concerns. Let’s stay compliant, together!
Join us on Wednesdays at 11 a.m. ET by following #TAinnovators on Twitter!
#TAinnovators is a live chat that delves into the talent acquisition world and encourages discussion of trending recruitment topics. Follow @Recruitee on Twitter for updates.