GDPR (General Data Protection Regulation) is coming…
Why, When, How Much, Who and Brexit?
For goodness sake – I'm compliant with the ICO – why the new law?
To harmonise data protection across the EU, and because the current rules (the 1995 Directive, implemented in the UK as the Data Protection Act 1998) are 20 years old and pre-date Facebook, smartphones and cloud services. Things have really changed!
Hold on… Brexit? Why do I need to bother if we’re leaving?
GDPR applies from 25 May 2018, before we leave the EU, so we are bound by it. After Brexit, we have no idea yet whether the UK will change the law. And if we also leave the EEA (European Economic Area) when we leave the EU, personal data can only keep flowing from the EU countries we trade with if the UK can demonstrate that its data protection regime is "adequate", i.e. equivalent to GDPR. Either way, being compliant now is the safe bet.
I’ve heard that the fines are only aimed at large companies
Nope – these fines apply to any organisation that processes personal data, whatever its size. The regulation sets two tiers of maximum fine: up to €10m or 2% of global annual turnover for less serious breaches, and up to €20m or 4% of global annual turnover for the most serious ones (in both cases, whichever is higher). Compare that with the current UK maximum of £500,000.
Note, though, that if you have fewer than 250 employees you may be exempt from some of the record-keeping requirements – unless your processing is regular rather than occasional, is likely to be risky for the people concerned, or involves special categories of data such as health or criminal records, which is common in recruitment. Check with a legal eagle first!
GDPR is ages away… I’ll bench for now
Yes, 25 May 2018 feels a while off, but look back at the last 12-24 months: so many distractions, so much has happened. Recruiters, often the victims of the "cobbler's shoes" approach to managing their own businesses, need to be a little selfish and get cracking with this. Imagine someone watching your approach right now and getting ready to report you when the gun goes off. And please ignore any hearsay about a "grace" period after May 2018 – there isn't one. This is your time to gain leverage over the GDPR regs rather than be caught out by them.
Questions you need to think about (and action)
What is your plan? When is your audit to review your current processes, and when will you design, document and communicate your new ones?
What is your plan for your own HR data - your employees?
What is the plan of your clients? Are you speaking to them about this and keeping abreast of their policies and plans?
What is the plan of your suppliers? Are you speaking to them about this and keeping abreast of their policies and plans? You need to review your contracts with these suppliers and ideally set up new, GDPR-compliant contracts with them. Be aware that costs may increase because your suppliers (and you) have to become compliant.
Next Steps to Get you Started
- Understand what data you have
- Where it is
- How you use it
Ideally, carry out an audit of your data and processes. Do a gap analysis between your current processes and those GDPR expects of you. Update your policies and procedures, and be sure to communicate the changes effectively to your teams, clients and suppliers.
Remember - GDPR may seem daunting, but we see it as an opportunity to get your business working the way you've always wanted!