As an employer, you should already know about the new GDPR law that will come into effect in May 2018. The new law will be taking the place of the current Data Protection Act 1998 and has much stricter rules and regulations that will affect the way HR departments do their job. When the new law comes into place, those who apply to your jobs will have more control than ever on what data you hold on them and if you can have it in the first place.
But most importantly, how will it change your hiring?
When it comes to storing and sharing data on people who have applied for roles, you will now have to ensure that you have permission to share that data in the first place by creating a shared data agreement with the person’s data you are sharing (for example you may share it with a sister company or an external company). Any current agreements that you have with applicants whose details you may be storing will not be valid and you will have to send out new terms and conditions for your existing and new applicants to either accept or decline for you to be compliant with the new law. It is best for companies to start putting together these new agreements now to ensure that your applicants are all compliant
to your new agreement in time for May. This will help you avoid last minute rush in updating and removing your current stored data.
If you also currently use automated profiling/decision making to filter or even find applicants, you will need to rethink the way that you find your people. Once the new law comes into place you will have to notify the people you are profiling that you are in fact profiling them and give them the option as to accept this or to decline. If this is the case then you may need to re-think your processes.
Right now, when someone applies for a job, you might be storing their data under several different applications, and it may be all a bit jumbled and unorganised, making it hard to find all the information on one person (i.e. email system, spreadsheets and even an ATS). You need to ensure that all your information is being stored in one place, whether that be by turning to an ATS system or something less technical. By doing so before the new law comes into place, you can organise your data and understand what information you hold on everyone, therefore if someone opts out of you storing their data, you can quickly and easily remove all data on them. The same rule also goes for onboarding systems. When a person is hired you will need to be able to have all the information on their hiring journey, from the initial interview through to them starting. This can be made easier by ensuring that you have a sufficient ATS that can record these processes easily.
At the moment you may only actually have one initial agreement or terms and conditions when hiring as individual. However, you are now going to need multiple agreements for different things. For example, many unsuccessful applicants are stored on a separate database and used for other purposes such as sending them emails or mass mailshots. In order for you to be able to contact them you will need to ensure that you have had them agree for you to contact them on all platforms through a separate agreement. This of course means that when it comes around to May 2018 and you have forgotten to send out the new terms and conditions to ensure you are compliant to the new law, you will then have no
right to send out any emails to any of your previous applicants, which could have a major impact on your hiring.
It’s likely that your organisation has looked into GDPR, but many seem to overlook hiring of employees. Being prepared in advance will prevent you from losing applicants because you couldn’t comply in time with holding their information with their consent. It will change your hiring in many ways and will expose any weakness you have in holding your data.