Book a Free Demo



What is GDPR and how has it affected the way organisations recruit?


The General Data Protection Regulation (GDPR) has had a significant impact on the way organisations recruit.

General Data Protection Regulation

What is GDPR?

It is designed to bring data protection legislation into line with new and previously unforeseen ways that data is now used. There are two main reasons, why the GDPR has been introduced.

1. To give people more control over how their personal data is being used.

2. To give businesses simpler and clearer guidelines to processing personal data across the EU.

When did the GDPR law come into force?

The regulation came into force on 24 May 2016, however this then became law on 25 May 2018.

Top Cloud Icon

Who is responsible?

The GDPR applies to ‘Controllers’ and ‘Processors’ of personal data.

The definitions are broadly the same as under the DPA – ie the Controller says how and why personal data is processed and the processor acts on the Controller’s behalf. If you are currently subject to the DPA, it is likely that you will also be subject to the GDPR.

If you are a Processor, the GDPR places specific legal obligations on you; for example, you are required to maintain records of personal data and processing activities.

You will have significantly more legal liability if you are responsible for a breach. These obligations for Processors are a new requirement under the GDPR. However, if you are a Controller, you are not relieved of your obligations where a Processor is involved – the GDPR places further obligations on you to ensure your contracts with Processors comply with the GDPR.

For the GDPR, as a recruitment software provider networx are the Processor, and our clients are the Controller.

However if a client uses networx recruitment services to manage vacancies, then networx are the Processor and the client and networx are the joint Controllers.

Bottom Cloud Icon

Confused about GDPR? Speak to a member of our team today

General Data Protection Regulation

What are the penalties?

Any data breach (including Cyber Attacks) must be reported within 72 hours. Failure to report a breach within the 72-hour deadline could face a penalty of up to 2% of their annual worldwide revenue, or €10 million, whichever is higher.

If an organisation does not follow the basic principles for processing data for example they fail to get consent from candidates to process their data or don’t provide candidates with the option to delete their information the fines can be even bigger. The data protection authority can issue penalties of €20 million or 4% of your global annual turnover, whichever is greater.

Recent News Keep up to date with the latest news from us here at networx recruitment.

Top recruitment trends to watch in 2019

It’s that time of year again…when people predict what the new year will have in store and set their sights on 2019. The past year has seen some significant trends... read more...

Gender Pay Gap

This year saw the first ever gender pay gap report, that highlighted the true extent of the differences in pay between men and women in the UK. Of the 10,000... read more...
© 2018 networx recruitment | Site By Punch Creative

Wait... Not quite ready to book a demo but want to find out more?

Please leave your details and one of our team will contact you to discuss your requirements.

Leave your details below &
we will call or email you back!

What's the best way to reach you, to schedule a demo with a networx expert?

Please leave your company details below:

View our privacy policy