Reactions to GDPR are wide-ranging, but the two biggest reactions are these:
- Confused. Stood, mouth agape, scratching your head like a tropical orangutan.
- Apathetic. Eyes closed, shrugging – the personification of meh.
We know this because a Dell study suggested 80% of us know little to nothing about GDPR, while 97% said their companies don’t have any plans to implement the new rules.
Are you either of those?
If so, don’t panic. You can get our free 10 step guide by downloading it here. It covers the ten steps you can take to stay compliant, plus information on what it is, fines, and how to prepare.
If you’ve not got time for that right now, here’s a quick run-through, and you can check out the white paper later.
Gosh-Darn Pain in the Rear
What is GDPR? Good question.
The General Data Protection Regulation relates to how personal information is processed.
In the world of GDPR, privacy is king.
According to IPSOS trend polls, there’s a growing expectation that technology will impact a person’s privacy and people are showing concern. GDPR exists because of that concern.
It has evolved to set limits on the exploitation of personal privacy as our technologies process more of our personal data.
And businesses, from sole traders to multi-nationals, across all sectors, with employees, clients or customers in Europe, will have to comply with GDPR regulations. So that’s virtually everyone, and almost certainly you. SMEs certainly aren’t exempt.
Although much focus has been on customer privacy, GDPR requirements also extend to employees past, present and future.
Now, when it comes to GDPR in HR and recruitment, there’s a lot of confusion. A lot of questions. And there are heavy fines – into the millions – for getting it wrong. Not knowing isn’t an excuse, so ensuring you aren’t in breach of GDPR is paramount.
Here’s one of the common ways you could fall foul:
A recent survey by CareerBuilder found 60% of businesses use social media for recruitment screening and employee conduct checks. Under GDPR, this could be history, at least in its current format.
But there are other ways you could be non-compliant.
So what, specifically, do you – the SME – need to do to stay above board?
The House Consent Built
You need to build your organisation into a GDPR house. Get ready for a tenuous metaphor.
When you’re building it, the foundations are consent – the legal basis upon which the house stands.
Consent from customers, clients and employees to use their data. Whether that’s for contracts, recruitment initiatives, or work-based tasks.
GDPR insists on accountability of action. You can’t just craft a contract and bang a few opt-out clauses in there.
When asking for consent to collect, store and use data, it has to be:
No being underhand, no tricking anyone. They don’t want to give it, you have to say ‘fair enough’.
Get this right, and your GDPR foundation is laid. Building on that, you use the bricks and mortar of individuals’ rights to manage and control the processing of their data.
Your employees and recruitment candidates get several ‘subject rights’ under GDPR. They include, but aren’t limited to:
- The ‘right to be forgotten’ – erasure (not the Little Respect band)
- Portability of data
- Easily accessible data
- The right to redress incorrect information
Your challenge is to make sure your candidates and employees are getting their privacy rights, while still being able to store and use data in a way that lets you do your job.
Preparing for GDPR doesn’t have to be hard
GDPR might seem like it’s just going to get in the way, but it can actually help.
Finding good candidates is expensive, both financially and in time and effort. 69% of organisations have difficulty in recruiting skilled staff. SMEs have even more difficulty finding quality candidates. (FordeHRCloud)
But if an organisation is overt in the way they deal with GDPR – if they can show they’re smashing it organisationally, and care about their employee and candidate privacy – they’re going to look more attractive.
So, get into the GDPR compliance zone.
In our guide, “How GDPR Affects HR and Recruitment” we’ll give you ten positive steps to help you get ready.
- Map your data
- Consent, policy and process reviews
- Communicating changes
- Performing training
- Carrying out impact assessments.
For the rest, you’ll need to check out the free whitepaper.
It’ll even teach you how GDPR affects HR and Recruitment within SMEs, with case studies to help you tailor your own solutions for specific issues. The deadline is May 2018. It’s looming.
But look, we’re not here to scare you into finding out more. Bottom line is you have to stay compliant, and to do that you have to know about GDPR.
Don’t panic. You can download the free 10 step guide to preparing for GDPR here. Thank us later.