Welcome to the post-apocalyptic GDPR compliant reality…
Judgment Day was Friday, May 25, 2018, from which the regulation now has the all-dominating iron grip on the way we use and process data…
Luckily we are all here (though with slightly shorter mailing lists than before), so it’s probably not as bad as feared…
GDPR stands for the General Data Protection Regulation, and I’m not going to go in depth with the whole concept, since you’ve probably had your ears full of it the last few days, weeks, and months.
Basically, it is about you having to take care of how you process personal data – ie. information relating to a person. Whether you are trading B2C or B2B, a person is a person, which is why information about him or her is personally sensitive information.
As I sense it, the big focus is how we process our customers’ information.
Not that it does not matter, but I also allow myself to strike a blow for the more “internal” information – especially those that are accessed in a recruitment and recruitment process.
I have chosen to present 5 GDPR-related matters that you need to be aware of when hiring. If you follow these, you are 5 steps closer to having GDPR-secured your recruitment and recruitment process.
1. Get rid of applications and resumes
When you need to hire, you usually receive a lot of applications and resumes. It can be hugely tempting to save the second best who did not get the job but are still possible candidates for future positions.
Here, however, you need to pay attention.
CVs and applications fall under the category of personal information, which is why you may not store them without consent.
To get permission, contact the candidate and explain why you want to save your resume and application. You must then request the written consent of the person.
Also read: How have the participants from Løvens Hule fared? Listen to this podcast and get the answer.
2. Have an overview of your data
As mentioned above, you have to save pretty much everything – as long as you have the person’s clear consent.
However, it is crucial that this information is processed correctly.
If a previous applicant asks you to delete the information, you need to know exactly where it is so that you can delete it all. In addition, they must also be protected so that they do not fall into the hands of the wrong people.
According to the Personal Data Regulation, you also have a responsibility when sharing information with suppliers. During a hiring process, you may work with a recruitment agency. It is your responsibility to ensure that the agency complies with data laws and protects your applicants’ data.
3. Pay attention when communicating internally
During the recruitment process, it is of course allowed to store personal information on applicants. This is because you have a clear purpose, which you do not have after the position is filled.
However, you still need to take care of this information. This can be done by restricting access to them so that only those involved can come to them.
In addition, you must also have a procedure for how to obtain this information.
I would also advise against communicating by mail if opinions about a candidate are to be assessed and exchanged. The reason is that it is difficult to ensure that the information is processed in accordance with the Personal Data Regulation.
4. Collect only relevant information
This is especially relevant if you use digital application forms.
The questions you ask must be relevant to the position and must therefore be collected with a clear and formulated purpose. You must also be able to document this.
Is it important for the position with an exact address? – Or is a postcode plentiful? What about marital status and health information?
5. Stay up to date – throughout the organization
Now, for good reason, I do not know the size of your business. But in many cases, there are several people involved in a recruitment and hiring process.
Maybe an HR employee or two who screens candidates. Then a department head who relates to the best qualified. Then the same department manager and an HR manager must handle the initial job interview, which may include a test. The result of this test must then be reviewed by a person in charge, who forwards the results to another person who holds the last job interview… etc…
These people involved in the process must all be up to date and have sufficient knowledge of the Data Protection Regulation. My advice to you is therefore that you make sure that they are up to date – either through internal training, workshops, courses, lectures or other form of education.
* Disclaimer: The above is solely my best advice for your GDPR-safe recruitment process. It shall not be construed as adequate legal assistance, and Statum, or representatives thereof, shall not be liable for any consequences thereof.
Do you lack inspiration to write a job advertisement that attracts exactly the candidates you need? Then you should read this post.
Want to know more about what considerations to make when hiring salespeople? So read this post on recruiting salespeople.