With GDPR coming into effect on 25th May, you might be wondering how the new data protection laws will affect you as a candidate when applying to a recruitment agency. We want to help our applicants feel prepared and confident when the changes come in so here is Resources Group’s 3-minute guide to GDPR and the recruitment process.
Regulations for businesses, not for people
First things, first: you don’t need to do anything differently as the GDPR – or the General Data Protection Regulations – applies to data ‘processors’ and data ‘controllers’. Essentially, what this means is that the new laws will apply to both those who determine why and how personal data should be processed and those who carry out this processing on their behalf. This could be anyone who holds data on you; your bank, employer, email provider and even any recruitment agencies you’re using to help you find your next job.
A significant part of the new data protection rules revolves around a heightened standard for consent. So, from now businesses will need you to agree for your personal data to be stored and to give your consent as to what ways the company is allowed to process said data.
This comes under the rights for individuals under GDPR, including:
Applicants can also ask to have their information changed, completely deleted, or restricted for certain forms of processing.
GDPR and recruitment agencies
There are two broad categories of recruitment agency: the “contract/temp” agency and the “introduction-only” agency.
The first category is where the agency acts as your employer, charging the end-employer (the place where you are contracted to work) an overall charge for your employment (including tax, NI, agency admin fees) and paying you directly thereafter. This category of agency usually requires the most data from you such as D.O.B, nationality, NI number, bank details etc, plus additional biometric and/or personal information such as your race, religion, any disabilities etc. These agencies will also perform a significant amount of processing in terms of payroll, tax and other business admin concerning your employment. GDPR will have a significant impact on these agencies who are likely to require your consent for many actions.
The second type of agency - introduction-only - is when you apply for an advertised vacancy and the agency only undertakes a screening and/or matching service for the client, who after an introduction and a successful recruitment process, will employ you directly and will pay the agency a ‘finder’s fee’ for filling the job. Resources Group is in this category and we require only basic levels of information from you in order to process a job application. Typically, this involves only storing the information you have volunteered: your CV and contact details, plus any other information you provide in support of a job application. Consent is still required, but if you are applying for a job and sending your CV and contact details it is usually deemed implicit consent to hold your information only for the purpose of processing the job application. Most agencies will not ask your consent at the outset for a job application, though Resources Group has built consent into our screening process to make it easy and clear for you.
Recruitment before & after GDPR
The recruitment industry pumps more than £35 billion into the UK’s economy each year, with millions of people using specialist recruitment consultancies to find the perfect role to suit them. Up until now, the recruitment industry was largely self-regulated, with all that such a system entails. For over twenty years, Resources Group has provided all applicants with a set of guarantees on how we use your information, the most significant being that we will never share your CV and any other information with a third party without your prior consent. However, not all agencies would make this guarantee; but when GDPR comes into effect on the 25th May 2018, all agencies will now require your explicit consent to put you forward for a job and/or share your information with a third party. This is good news for applicants as for the first time it compels all agencies to comply with this good practice and gives control to the individual on where their CV is going.
There are several key directives which will apply to recruitment agencies and in-house recruitment teams once GDPR arrives:
The need for a legitimate reason to process your data.
Recruiters will be able to source candidate data (either passively or pro-actively) as long as the information is job-related and they intend to contact you.
The requirement for your consent to process your sensitive information.
All recruiters you work with will need to ask for your explicit consent if they want to process data such as disability information, cultural, genetic or biometric information and any background checks. You will be able to withdraw your consent at any time and ask to have your data changed or deleted too.
The need to be transparent about processing your data.
Recruitment firms will need to have clear privacy policies laid out and made available to all candidates. This will need to disclose where they store your candidate data and state that the information will be used for no other purposes than those you have agreed to.
GDPR and your job search
The General Data Protection Regulations aim to give individuals more control over how their information in used by organisations. As above, when it comes to your job search, all this means is that you will need to give your permission that a recruiter may store and process your information. Easy!